
Australia introduces new cybersecurity compliance laws 2024
Noggin has announced four regulatory updates affecting Australian businesses and detailed steps companies can take to remain compliant and avoid penalties.
The Australian Parliament passed the Cyber Security Legislative Package 2024, which consists of several bills including the Cyber Security Bill 2024. This new law introduces reporting obligations for businesses involved in ransomware attacks and restricts the use of cybersecurity incident information shared with the National Cyber Security Coordinator. Additionally, a Cyber Incident Review Board will be established to evaluate significant cybersecurity incidents.
Further amendments are made under the Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024, which updates the Intelligence Services Act 2001. A central component of this amendment is the creation of a limited-use obligation for information handled by the Australian Signals Directorate during cybersecurity incidents. It also exempts certain documents related to cybersecurity from being accessed under the Freedom of Information Act 1982.
The Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024 amends the Security of Critical Infrastructure Act 2018 (SOCI). The legislative changes focus on enhancing data protection for business-critical information, stipulating updated standards for government access and managing the repercussions of critical infrastructure incidents.
James Boddam-Whetham, General Manager at Noggin, commented, "The positive benefits of enhanced resilience should be sufficient motivation for continued regulatory compliance, but the penalties for noncompliance can be steep, as well. Whether they operate locally, here in Australia, or globally, businesses need to stay informed about any upcoming changes this year to ensure there's no risk of disruption to operations, up to and including major fines or sanctions. Due to new legislation in the cybersecurity and healthcare domains, there are multiple ways businesses may need to adjust their operations this year."
On the international front, the Digital Operational Resilience Act (DORA) affects Australian enterprises conducting operations in Europe. Effective from January 2023, it requires financial institutions within EU member states to implement comprehensive cybersecurity controls, such as governance structures, ICT risk management, and disruption mitigation strategies, with compliance monitored by a Lead Overseer.
Additionally, the Health Infrastructure Security and Accountability Act (HISAA) in the United States, though yet to be passed, emphasizes the need for cybersecurity risk analysis and resilience planning in healthcare facilities. Under this proposed legislation, noncompliance could result in civil and criminal penalties, while adherence could expedite payments during cybersecurity incidents. Australian companies operating in the U.S. health sector would need to align with such stipulations.