The Government has introduced three pieces of cybersecurity legislation that will have implications for some small businesses.
The Cyber Security Bill introduces requirements for the security of smart devices (IoT devices), sets mandatory reporting requirements for ransomware, sets out the modalities for the coordination of significant cybersecurity incidents, and establishes a Cyber Review Board.
More specifically:
- Ransomware payments must be reported by companies with an annual turnover of over $3 million.
- Information may be voluntarily provided to the National Cybersecurity Coordinator for significant cyber security incidents. This information is subject to strict rules of use and disclosure and would be for the purposes of supporting the affected entity and other Australian interests.
- Relevant connected products may be subject to mandatory security standards that apply to manufacturers and suppliers. Rules (to come) would be able to set a standard for specific classes of connected devices and certificates of compliance, which must be provided.
- A Cyber Incident Review Board will be established to undertake reviews into certain cybersecurity incidents and make recommendations for future actions to prevent, detect, respond to or minimise future incidents.
Other Bills introduced include:
- Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024 – this amends the Security of Critical Infrastructure Act 2018 to support the response to serious incidents, and enhances cybersecurity obligations for critical telecommunications assets; and
- Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024 – the Bill amends the Intelligence Services Act 2001 regarding the communication and use of limited cybersecurity information.
Take a look at our Cybersecurity Hub, where we discuss key strategies, tips and advice to safeguard your business from the world of cyber threats.





