Cyber security is no longer solely an IT issue; it is a business imperative. With the Cyber Security Act 2024 now law (it received Royal Assent on 29 November 2024), Australian businesses must adapt to new legal obligations designed to strengthen the nation's cyber resilience. Whether you are a business leader or an IT service provider, now is the time to assess your cyber security strategy and confirm you can meet the new obligations as they commence.
Why This Matters for Your Business
The Cyber Security Act 2024 is part of Australia’s 2023-2030 Cyber Security Strategy and aims to bring the country in line with international best practices. Key measures include:
- Mandatory cyber security standards for smart devices
- Ransomware payment reporting obligations
- Increased government-industry engagement on cyber incidents
- The establishment of a Cyber Incident Review Board
Failure to comply with these new requirements could result in financial penalties, reputational damage and increased regulatory scrutiny.
Key Changes and How They Impact Your Business
1. Mandatory Security Standards for Smart Devices
If your business manufactures or supplies internet-connectable consumer devices (IoT) in Australia, those products must meet the security standards set in rules made under the Act. The first tranche of rules is modelled on the first three provisions of ETSI EN 303 645, the international baseline for consumer IoT security.
What’s Required?
- No universal default passwords: each unit must ship with a password unique to that device, or require the user to set one at first use.
- A published vulnerability disclosure policy, with a contact point for security researchers and timelines for acknowledging and updating them on reported issues.
- Transparency on the minimum period for which the device will receive security updates, published at or before the point of sale.
What You Should Do:
- Review each product line against the three requirements above and document the evidence.
- Prepare a Statement of Compliance for each smart device product: manufacturers must provide one, and suppliers must not supply a device that is not accompanied by one.
- Monitor the subordinate rules, which set the final technical requirements and the dates from which they apply.
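The first requirement above, no universal default passwords, is the one most often failed by a product line that was designed before these rules existed. The following is an added example (it is not code from the article or from Cyber Collab) showing the non-compliant factory pattern next to a compliant one, plus a fleet audit that detects shared defaults the way an attacker would. The serial numbers and the list of known default passwords are constructed for the example, and the storage layout (a per-unit salt and a PBKDF2 hash burned into the device) is an assumption, not a description of any particular product.

```python
"""Per-device credential provisioning and a fleet audit for the
"no universal default passwords" requirement.

Added example, not code from the article or from Cyber Collab. The serials,
the fleet manifest and the known-default list are constructed for illustration.
"""
import hashlib
import os
import secrets
from dataclasses import dataclass

# PBKDF2-HMAC-SHA256 iteration count. Kept modest so the demo audit runs in
# well under a second; a real device should use the highest count its CPU
# can afford at login time.
PBKDF2_ITERATIONS = 50_000

# Constructed sample of vendor-wide defaults an auditor (or attacker) tries first.
KNOWN_DEFAULTS = ["admin", "password", "12345678", "support"]


@dataclass(frozen=True)
class DeviceCredential:
    """What is written into a unit at the factory: a per-unit salt and the hash
    of its initial administrator password. The plaintext is printed on the
    unit's label and is never stored (assumed layout for this example)."""
    serial: str
    salt: bytes
    pw_hash: bytes


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def provision_with_shared_default(serial: str, default: str = "admin") -> DeviceCredential:
    """Non-compliant pattern: every unit ships with the same vendor-wide password.
    Per-unit salts make the stored hashes look different, but one leaked manual
    unlocks the whole fleet."""
    salt = os.urandom(16)
    return DeviceCredential(serial, salt, hash_password(default, salt))


def provision_unique(serial: str) -> tuple[DeviceCredential, str]:
    """Compliant pattern: a fresh random password per unit (about 96 bits from
    secrets.token_urlsafe(12)), returned exactly once so it can go on the label."""
    password = secrets.token_urlsafe(12)
    salt = os.urandom(16)
    return DeviceCredential(serial, salt, hash_password(password, salt)), password


def provision_batch(serials):
    """Provision a production batch and refuse to ship if two units somehow
    received the same password (a cheap guard against a broken RNG on the line)."""
    creds, seen = [], set()
    for serial in serials:
        cred, password = provision_unique(serial)
        if password in seen:
            raise RuntimeError(f"duplicate initial password generated for {serial}")
        seen.add(password)
        creds.append(cred)
    return creds


def audit_fleet(creds, candidate_defaults=KNOWN_DEFAULTS) -> dict[str, str]:
    """Return {serial: matched_default} for every unit whose stored hash verifies
    against a known default. Only hashes are stored, so the audit does what an
    attacker would do: try each candidate default against each unit's salt."""
    findings = {}
    for cred in creds:
        for candidate in candidate_defaults:
            if secrets.compare_digest(hash_password(candidate, cred.salt), cred.pw_hash):
                findings[cred.serial] = candidate
                break
    return findings


if __name__ == "__main__":
    serials = ["SN-0001", "SN-0002", "SN-0003"]
    bad_fleet = [provision_with_shared_default(s) for s in serials]
    good_fleet = provision_batch(serials)
    print("shared-default fleet:", audit_fleet(bad_fleet))   # every unit flagged as 'admin'
    print("per-unit fleet:     ", audit_fleet(good_fleet))  # {}
```

The audit deliberately works from the stored hashes rather than from a provisioning database, because that is the evidence a regulator, a researcher or an attacker will actually have in hand. Extending the candidate list with the passwords printed in your own historical manuals is the quickest way to find legacy stock that still needs a firmware or label change before it can be supplied with a Statement of Compliance.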
2. Mandatory Ransomware Payment Reporting
If your business is hit by a ransomware or other cyber extortion attack and makes a payment (money or any other benefit), or becomes aware that a payment has been made on its behalf, you must report it within 72 hours or face a civil penalty.
Who Must Comply?
- Businesses operating in Australia with an annual turnover above AUD 3 million, and entities responsible for a critical infrastructure asset under the Security of Critical Infrastructure Act regardless of turnover.
What’s Required?
- Reports must be submitted via the Australian Signals Directorate’s cyber.gov.au portal.
- Reports must include details of the incident, the demand and the payment made (including its amount and how it was paid), and the communications exchanged with the extorting party.
What You Should Do:
- Build the 72-hour reporting step into your incident response plan, with a named owner, so the clock does not start without anyone noticing.
- Ensure your IT and legal teams are across current ransomware response practice, including how to preserve the communications and payment records the report requires.
- Conduct a cyber risk assessment and exercise your response plan with an experienced cyber security consultancy.
3. Government-Industry Collaboration on Cyber Incidents
The new law encourages businesses to engage with the National Cyber Security Coordinator during significant cyber incidents. Information shared voluntarily with the Coordinator is covered by a limited use obligation that restricts what the Coordinator can do with it and who it can be passed to, but this is not a safe harbour: it does not shield the business from liability, and other regulators can still obtain the same information through their own powers.
What You Should Do:
- Understand what information can and cannot be shared.
- Clarify reporting obligations with your legal team.
- Develop a clear communication plan for cyber incidents.
4. Establishment of a Cyber Incident Review Board
The Cyber Security Act 2024 introduces a Cyber Incident Review Board (CIRB) to investigate major cyber incidents and improve Australia’s overall cyber resilience. This board will analyse significant breaches, identify systemic security failures and provide non-binding recommendations to strengthen cyber security across industries.
Key Functions of the CIRB:
- Conduct post-incident reviews of major cyberattacks.
- Identify lessons learned and share best practices with businesses.
- Issue advisory reports on cyber resilience improvements.
- Collaborate with government agencies and industry leaders.
What This Means for Your Business:
While CIRB reports are advisory, they will likely shape future regulatory requirements and industry standards. Businesses that suffer a significant cyber incident may be reviewed by the CIRB, with findings made public in certain cases.
What You Should Do:
- Ensure your incident response plan is up to date and well-documented.
- Proactively adopt best practices highlighted in CIRB reports.
- Engage in industry discussions to stay ahead of potential regulatory changes.
How Cyber Collab Can Help
The Cyber Security Act 2024 introduces compliance requirements that touch product engineering, incident response and legal functions at once; failing to prepare could mean financial penalties, operational disruption and loss of customer trust.
The Cyber Collab team has decades of experience helping businesses design practical, effective cyber security defences and respond to breaches. Based on that experience, we have designed a series of services that work with your existing teams and resources, deploying the right tools and intelligence to keep you ahead of current malicious activity and to protect business continuity.
Cyber Collab can help you:
- Assess whether compliance gaps exist in your ecosystem under the new Act.
- Develop a cyber security strategy that meets regulatory requirements.
- Implement an incident response plan that aligns with best practices.
- Train your leadership team and employees on cyber risk management.
- Test existing processes and environments to verify they are operating as intended.
Book a Complimentary Consultation Today
Cyber threats are not waiting, and neither should you. Schedule a complimentary consultation with Cyber Collab's CEO Chris Watson today for an initial appraisal of your needs, so your business is ready for both the latest cyber threats and the new regulatory landscape.
Contact us today to get started.