Two impact categories rose. Staff impacts increased from 5.9% to 10.0%, driven by employees or owners resigning or losing their jobs, and legal or regulatory issues rose from 5.1% to 7.9%, driven by litigation or legal action against businesses. Among SME owners reporting harm, insurance premiums increased for 5.5%. The rise in legal and regulatory harm coincides with an expanding compliance regime. Since May 30, 2025, businesses with annual turnover of $3 million or more, and entities responsible for critical infrastructure assets, must report ransomware and cyber extortion payments to the Australian Signals Directorate (ASD) within 72 hours under Part 3 of the Cyber Security Act 2024. Failure to report can attract civil penalties of up to $19,800, and the Department of Home Affairs moved from an education-first approach to active enforcement on Jan. 1, 2026.
Click Here For The Original Source.
