Australia Unveils AU$587M Strategy to Defeat Cybercrime

The Australian government says it will mandate ransomware reporting by businesses, boost law enforcement capacity and fund startups with innovative cybersecurity solutions under a strategy unveiled Monday.

See Also: Live Webinar | Generative AI: Myths, Realities and Practical Use Cases

The government of Prime Minister Anthony Albanese plans to spend AU$587 million in a bid to convert Australia into a “world leader in cybersecurity” by the end of this decade.

The strategy intends to make it easier for businesses to report and recover from cyber incidents. The ransomware reporting, which will require legislation, will be a “no-fault, no liability” obligation. The administration also said it will impose new incident reporting requirements onto the telecommunications sector in line with other critical infrastructure sectors.

Australia underwent a wave of likely opportunistic ransomware attacks and data breaches in 2022 that made cybersecurity a hot button topic and extricated a pledge from the Albanese administration to make Australia “the world’s most cyber-secure country by 2030” (see: Australia Aims to Be World’s ‘Most Cyber-Secure’ Country).

“We cannot continue as we have. We can’t have a situation where we have data flying around the country, where we have critical infrastructure starting to fail, where we have small business and citizens who are continually telling us they feel vulnerable and unable to cope with the cyberthreats themselves,” Cyber Security and Home Affairs Minister Clare O’Neil told reporters in Sydney, reported Reuters.

The strategy says in the 12 months ending in mid-2023, the cost of cybercrime for Australian businesses rose by 14%, and the average cost ranged between AU$46,000 to AU$71,600, depending on company size. Only days ago, a cyber incident at a stevedore servicing four major Australian ports temporarily incapacitated the movement of goods in and out of the country.

The government discourages businesses and individuals from paying extortion money to cybercriminals, but the strategy stops short of a proposal to outlaw ransomware payments. Instead, it says forthcoming a ransomware playbook will “provide clear guidance to businesses and citizens on how to prepare for, deal with, and bounce back from ransom demands.”

The government also plans to legislate a mandatory cybersecurity standard for internet of things devices and will develop a voluntary labeling scheme for consumer-grade devices.

Senator James Patterson, the shadow minister for home affairs and cyber security, criticized the strategy as being “too little, too late,” pointing to back-to-back cyber incidents that occurred last year at private health insurer Medibank and telecommunications provider Optus.

“There is nothing radical or revolutionary in the strategy, nor anything that will substantially shift the dial on cybersecurity,” he said.