MailGuard Oct 11, 2024 3:59:45 PM

Cyber Security Legislative Package Introduced to Parliament

This week the ‘Cyber Security Legislative Package’ was referred to the Parliamentary Joint Committee on Intelligence and Security. The package consists of the:

Its intention is to implement initiatives aligned with the 2023-2030 Australian Cyber Security Strategy, aiming to fix gaps in legislation and bring Australia in line with international best practices.

Some of the measures include:

  • Mandatory Security Standards for IoT Devices:

Introduces mandatory security standards for internet- and network-connectable devices to enhance protections and reduce vulnerabilities in IoT products.

  • Mandatory Ransomware Reporting:

Requires businesses to report cyber incidents and ransomware payments to the Australian Government to improve understanding of the threat landscape and inform responses.

  • Cyber Incident Review Board:

Establishes an independent body to review significant cyber incidents, offering insights and recommendations for improving cyber resilience.

  • Limited Use Obligation:

Restricts how incident information shared with the National Cyber Security Coordinator is used, encouraging voluntary reporting without fear of regulatory repercussions.

  • Government Coordination:

The National Cyber Security Coordinator leads the government’s response to significant cyber incidents, facilitating a coordinated approach to mitigate and resolve threats.

The bill is designed to adapt to evolving cyber risks, support industry collaboration, and align with international standards for improved national cybersecurity.

Plus, the package includes reforms to the Security of Critical Infrastructure Act 2018 (SOCI Act), including:

  • Clarification of existing obligations in relation to systems holding business critical data.
  • The enhancement of government assistance measures to better manage the impacts of all hazards and incidents on critical infrastructure.
  • Simplification of information sharing across industry and Government.
  • The introduction of a power for the Government to direct entities to address serious deficiencies within their risk management programs, and
  • Alignment of regulation for the security of telecommunications into the SOCI Act.

Parliament is inviting submissions by Friday, 25 October 2024. More information about making a submission is available here.

To assist with planning, they ask that you indicate your intention to make a submission by Friday, 18 October 2024 by emailing pjcis@aph.gov.au.

If you’re wondering what the changes mean for your business or your customers, legal firm Gadens offer some of their advice on their website here, commenting:

If passed, the Cyber Security Bill would streamline a number of cyber security standards and reporting obligations and introduce several new penalties and regulatory powers for non-compliance with key obligations. As there is no monetary threshold for the application of these new laws, larger enterprises as well as small business will be affected equally, so entities of all sizes should prepare for a material uplift in their information security compliance processes and procedure to meet the new requirements.

Keeping Businesses Safe and Secure

Prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email makes email an extremely important vector for businesses to fortify.

No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365 or Google Workspace, they should also have a third-party email security specialist in place to mitigate their risk, for example a specialist third-party cloud email solution like MailGuard.

MailGuard provides a range of solutions to keep businesses safe, from email filtering to email continuity and archiving solutions. Speak to your customers today to ensure they’re prepared and get in touch with our team to discuss fortifying your customers’ cyber resilience.

Talk to us

MailGuard's partner blog is a forum to share information; we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.

Australian partners, please call us on 1300 30 65 10

US partners call 1888 848 2822

UK partners call 0 800 404 8993

We’re on Facebook, Twitter and LinkedIn.
