SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Australia’s Cybersecurity Act races against augmented hacker revolution

Today

As global cyberattacks surge, fuelled in part by increasingly sophisticated adversaries harnessing artificial intelligence, our national approach to cybersecurity must adapt quickly. Australia's new Cyber Security Act, particularly its mandatory reporting requirements, is a good first step in this direction: it reshapes how companies of all sizes think about and respond to cyber risk.

The Act requires businesses to report ransomware payments within 72 hours, which will give policymakers a far clearer picture of the reality Australian businesses face. It is widely suspected that many ransomware incidents currently go undisclosed. The reporting obligation applies to businesses above an annual turnover threshold (AUD 3 million), so it reaches a large share of Australia's small and medium-sized enterprises (SMEs), not only large corporates, and compels them to reassess and strengthen their cybersecurity frameworks.

Australia's cybersecurity laws now have real bite
The Cyber Security Act does not sit in isolation. Australian business owners already carry significant responsibilities when it comes to cybersecurity. Existing legal frameworks, such as the Corporations Act, impose duties on directors to exercise care and diligence in managing risk, and cyber risk is no exception. Recent high-profile breaches at Medibank and Optus brought intense scrutiny of executive accountability, most notably in the resignation of the Optus CEO in the aftermath.

For too long, however, ransomware attacks and data breaches have been treated as a "dirty secret", a problem swept quietly under the rug to avoid reputational harm and costly downtime. The Cyber Security Act marks a shift from obscurity to visibility and creates a compelling motive for companies to prioritise cybersecurity. Rather than waiting for a catastrophic loss or reputational hit, organisations must continuously review, improve, and adapt their cybersecurity frameworks.

The Act stops short of prohibiting ransomware payments, recognising that an outright ban could push some businesses, particularly SMEs, into insolvency: many victims find themselves with no viable way to keep operating other than to pay. Holistic cybersecurity is a noble goal, but we should not put people's livelihoods at undue risk in pursuing it.

Preparing Australia to counter emerging cyber threats
While the Act gives the government power to set minimum security standards for internet-connected devices, it is not particularly prescriptive about what those standards entail. Australia should look to examples around the world and take inspiration from the most effective policies. We should welcome sensible minimum standards similar to those in the UK's Product Security and Telecommunications Infrastructure regime, which bans universal default passwords, requires manufacturers to publish a way to report vulnerabilities, and requires them to state for how long a device will receive security updates.

There is also an argument for mandating certain foundational technologies, like encryption. Ensuring that data is protected wherever it is stored or shared (at rest and in transit, with keys managed properly) is no longer a "nice-to-have" but an absolute necessity in an age where personal and sensitive information is at perpetual risk.

This is, however, a balancing act. Raising the floor with mandatory minimum standards should be done with care: each requirement adds compliance cost for manufacturers that the Australian end-user will ultimately pay in one form or another.

As we grapple with new legislative frameworks, we cannot ignore the rapidly shifting threat environment. According to Amazon's CISO, CJ Moses, the potential threats Amazon observes have risen from around 100 million hits per day to 750 million, an explosion attributed to adversaries leveraging AI.

From hyper-realistic phishing emails to automated vulnerability scanning at scale, attackers are harnessing cutting-edge tools. This escalation underscores that cybersecurity is, and always has been, a cat-and-mouse game. Each new defence prompts a more cunning form of attack, and emerging technologies like AI, and eventually quantum computing, raise the stakes.

Despite the challenges, I remain cautiously optimistic. Over time, widespread adoption of proven defences like encryption, combined with the greater transparency and data-driven insights enabled by this Act, will help Australia stay ahead. 

The law of accelerating returns cuts both ways. Just as attackers benefit from AI, defenders can too, by automating threat detection, patch management, and incident response.

By embracing the Cybersecurity Act and adopting advanced technologies, Australian businesses can build resilience against evolving threats. 

The journey will be challenging, but the intersection of policy, innovation, and best practices offers a path to a more secure future for Australia.
