The Australian Government has published its Cyber Security Strategy 2023-2030 together with its Australian Cyber Security Action Plan.

The Government will shortly release a Consultation Paper to work directly with industry to inform proposed legislative reform on new initiatives to address gaps in existing laws and amendments to the Security of Critical Infrastructure Act 2018 to strengthen protections for critical infrastructure.

The cyber-security strategy does not include a prohibition on making ransom payments, but makes it clear that paying a ransom does not guarantee that sensitive data will be recovered. It also makes Australia a more attractive target for criminal groups.

The Government says it will co-design with industry options to legislate a no-fault, no-liability ransomware reporting obligation for businesses.

Separately

The Australian Signals Directorate has published the Australian Cyber Security Centre (ASD’s ACSC) ASD Cyber Threat Report for July 2022-June 2023.

This year’s report found that malicious cyber activity in Australia continued to increase in terms of frequency, cost and severity compared to the previous year.

The top 3 types of cybercrimes reported by individuals were identity fraud, online banking fraud, and online shopping fraud. These 3 cybercrimes accounted for 52% of all reported cases by individuals.

On 13 November 2023, ASIC released Report 776, ‘Spotlight on Cyber: Findings and insights from the Cyber Pulse Survey 2023’. The Report summarises trends and findings from the cyber pulse survey and identifies areas for improvement, highlighting practical examples of better practices for organisations to adopt.

If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.