Australia has enacted its first standalone Cybersecurity Act, expanding government powers, mandating reporting of ransom payments, and strengthening regulations for Internet of Things (IoT) devices. This legislation, part of the Cybersecurity Strategy 2023–2030, has elicited mixed reactions from industry stakeholders.
Australia’s Minister for Cybersecurity, Tony Burke, emphasized the importance of collaboration between the government and businesses, highlighting that enterprises will have swift access to assistance in the event of incidents. The Act also establishes the Cyber Incident Analysis Council, tasked with examining the aftermath of cyberattacks and formulating recommendations.
Business leaders have largely welcomed the initiative. Palo Alto Networks praised the Act for enhancing national cyber resilience, increasing transparency in handling ransom payments, and raising standards for IoT device security. The company underscored the critical role of private sector involvement in the work of the Cyber Incident Analysis Council.
ExtraHop supported the new approach, noting that mandatory reporting of ransom payments would boost transparency, while bolstering critical infrastructure protection would strengthen the country’s cybersecurity posture. However, StickmanCyber criticized the limitations placed on the Council’s powers, describing them as an added burden on businesses.
Secure Code Warrior stressed the importance of regulating IoT device security, pointing to the global trend of holding manufacturers accountable for software vulnerabilities. The company highlighted the need for investment in developer education to enhance software security.
WatchGuard Technologies suggested that the legislation provides businesses with a compelling incentive to reassess their cybersecurity strategies. The new measures demand the development of more robust threat response plans, which will help organizations safeguard both their reputation and assets.
Check Point Software Technologies drew attention to the surge in IoT-targeted attacks, noting that the new security requirements will address many critical vulnerabilities. The Act also requires ransom payments to be reported within 72 hours, facilitating coordinated response efforts.
Experts acknowledge that while the new legislation presents challenges for businesses, it is poised to build a more secure digital future for Australia. However, further refinement of key provisions will be essential to maximize its effectiveness.