Disclosure: Lifestyle Wealth Partners Pty Ltd and its advisers are authorised representatives of Fortnum Private Wealth Ltd ABN 54 139 889 535 AFSL 357306. General Advice Warning: Any information on this website is general advice and does not take into account any person's objectives, financial situation or needs. Please consider your own circumstances and consider whether the advice is right for you before making a decision. Always obtain a Product Disclosure Statement (If applicable) to understand the full implications and risks relating to the product and consider the Statement before making any decision about whether to acquire the financial product.

Cyber security reform proposing mandatory standards for smart devices and reporting requirements for some businesses “strike the right balance” and puts Australia on the path to learning from past incidents.

New legislation to create the nation’s first standalone Cyber Security Act was introduced to federal parliament’s lower house on Wednesday.

“This is a significant step in achieving the Australian government’s vision of becoming a world leader in cybersecurity by 2030,” Cyber Security Minister Tony Burke told the parliament.

“We need a framework that enables individuals to trust the products they use every day.”

Under the package, the government will be empowered to direct companies and other entities to fix serious deficiencies within their risk management program.

A Cyber Incident Review Board would be set up under the changes and would function as an independent advisory body able to conduct “no fault” assessments of significant cyber security incidents.

Pointing to previous major data breaches such as the Medibank hacking attack, Mr Burke said the reform would provide a “cohesive legislative toolbox for Australia to move forward with clarity and confidence in the face of an ever changing cybersecurity landscape”.

Medibank is facing legal action and enormous fines over the breach in October 2022, which affected 9.7 million customers.

Hackers stole personal and highly sensitive information and published it on the dark web.

The changes include mandating minimum cyber security standards for smart devices and compulsory ransomware reporting for certain businesses, which are yet to be decided on, to report ransom payments.

Mr Burke said the government had worked extensively with business and believed the bill’s measures “strike the right balance to achieve our security outcomes” without burdening companies.

The regulation of telecommunications security would be moved into the Security of Critical Infrastructure Act, and existing obligations for systems holding business-critical data would be further clarified.

The legislative package will go before a parliamentary committee to be scrutinised.

Tess Ikonomou
(Australian Associated Press)