How new cybersecurity laws will affect businesses

How new cybersecurity laws will affect businesses

Cybersecurity Minister Tony Burke recently proposed new legislation that would result in the country’s first standalone law. Cybersecurity lawbut how will this affect Australian businesses?

As previously reported on Cyber ​​Daily’s sister brand, Lawyers Weekly, Cybersecurity Minister Tony Burke has proposed new legislation in the lower house that would result in the country’s first stand-alone law. Cybersecurity law.

The proposed new legislation will introduce mandatory reporting for those who have paid ransom to malicious actors, minimum cybersecurity standards for smart devices and the creation of a Cyber ​​Incident Review Board, all under seven sections of the Australian Cyber ​​Security Strategy 2023-2030.

Meanwhile, the Commonwealth Government has released another set of legislative proposals to tackle cybersecurity issues, following on from recent privacy and AU reforms.

The HR Executive recently spoke with Dan Pearce, General Counsel at Holding Redlich, about the potential impact the proposed legislation could have on Australian organisations.

Pearce first explained the content of the legislation.

“As part of the Government’s new agenda to address cyber security, the proposed role of the Cyber ​​Incident Review Board will be to review and assess major cyber incidents that impact Australia’s defense or give rise to serious concerns among the public,” Pearce said.

“It will have the power to request information from relevant entities, allowing it to review how incidents were handled and provide findings that will help prevent future events.”

“While the board may share its findings with government and industry, any public reporting will not assign fault or infringe on legal rights. Through these reviews, the board aims to improve understanding and prevent similar incidents in the future.

According to Pearce, the legislation will result in an extension of the Critical Infrastructure Security Act access to data systems in critical infrastructures.

“The amendments to Critical Infrastructure Security Act of 2018 (SOCI Act) will extend the legislation to cover data systems associated with a critical infrastructure asset. Digital networks that support essential services, such as utilities, healthcare and finance, are increasingly vulnerable targets in cyberwarfare,” Pearce said.

“By expanding the scope of the law, the government will have greater regulatory authority over data systems associated with critical infrastructure warfare that, if compromised, could disrupt national security or public safety.

“Additionally, these changes provide regulators with new authority to address significant weaknesses in an entity’s risk management program when national security is threatened.” For organizations, this means new obligations to protect these systems and meet regulatory requirements.

The proposed legislation also includes mandatory reporting within 72 hours for ransom payments, security standards for smart devices and other aspects that organizations should be aware of.

The legislation places greater responsibility on businesses and organizations to report acts of ransomware payments, for which Pearce believes organizations need to strengthen their cybersecurity measures to ensure they are able to comply with these regulations.

“The proposed cybersecurity legislative package introduces new requirements for organizations, particularly those managing data systems related to critical infrastructure,” Pearce said.

“To prepare, organizations will need to review and strengthen their cybersecurity measures to ensure they meet these requirements, such as the new 72-hour deadline for reporting ransomware payments to the Australian Signals Directorate.

“This may involve evaluating internal security measures, reviewing incident response plans and preparing for increased regulatory requirements. By staying informed of these changes, organizations can better position themselves to comply with legislation and manage potential cyber threats.


This article was originally published on HR Leader.

Reproductive health benefits an issue for more tech workers

Reproductive health benefits an issue for more tech workers

Google AI makes traffic lights more efficient and less annoying

Google AI makes traffic lights more efficient and less annoying

Leave a Reply

Your email address will not be published. Required fields are marked *