
Security leaders in Australia, however, are grappling with a unique set of challenges spurred on by moving regulatory goalposts, compliance scrutiny and an uptick in ransomware attacks targeting our shores, said Arctic Wolf A/NZ director of security services, Mark Thomas.
The ransomware reporting rules will “add a layer of complexity that businesses must consider when facing ransom demands”, he claimed.
“Businesses simply [pay] ransoms as a matter of protocol, organisations will need to reassess their security protocols and weigh up the financial, legal and reputational consequences of coughing up,” said Thomas.
While the rules only apply to businesses over a certain size, businesses of all sizes, even SMBs that are not bound by the same requirements, should not be so quick to dismiss what is happening in the cyber security landscape.
Thomas said SMBs need to take the opportunity to review their risk environment and strengthen their overall cyber resilience as a critical business function.
“Ransomware isn’t an issue that only large enterprises face,” he said. “Australia’s security industry needs to ensure that the SMB community, the lifeblood of our economy, isn’t left behind as cybercriminals evolve their tactics.”
According to the Department of Home Affairs, this is the first phase of Part 3 of the Cyber Security Act 2024, which prioritises an education-first approach for the first six months after commencement, to socialise the reporting form with regulated entities, manage any challenges and identify key compliance barriers.
This will take the Department to phase two in January 2026, when more advanced guidance resources will be disseminated, incorporating feedback from the initial implementation of the Ransomware Reporting Rules.