IT Brief Australia - Technology news for CIOs & IT decision-makers

Exclusive: National cyber security coordinator says upcoming laws will elevate digital safety

Yesterday

Australia's first National Cyber Security Coordinator, Lieutenant General Michelle McGuinness, has called for a "whole of nation" effort to combat cyber crime as the country enters a new era of digital legislation and public awareness.

During her keynote at the AUSCERT 2025 Cyber Security Conference on the Gold Coast, McGuinness highlighted sweeping changes under the new Cyber Security Act, which comes into force next Friday.

The legislation, she said, represents a turning point in Australia's cyber defence, requiring action from businesses, government, and individuals alike.

"It's our job to channel that energy and amplify it, and ensure that together we work to achieve the vision set out in the 2023-2030 Australian cyber security journey to be a world leading cyber secure nation," McGuinness told the audience of security professionals on the Gold Coast.

Since launching the National Cyber Security Strategy in November 2023, the government has delivered a comprehensive roadmap to "fortify our nation's digital landscape," McGuinness said. "You don't have to look very far across the last 18 to 24 months to identify the significant gains that together we have made under our strategy."

At the centre of the reforms is the new Cyber Security Act, described by McGuinness as a "major achievement."

The law introduces mandatory ransomware reporting for companies with turnovers above $3 million, security standards for smart devices, and the creation of a Cyber Incident Review Board to investigate lessons learned from major attacks.

These measures aim to improve transparency and help the nation "bounce back quicker" from cyber threats.

"We are focused on responding to that incident, minimising the harm and mitigating the consequences," she said. "The ransomware reporting obligation and the cyber incident review board will come into force next Friday."

A key element is a "limited use obligation" on government authorities, setting out how sensitive information is handled after a breach is reported. "This initiative is designed and has been really effective in enhancing the trust that we share across industry from the outset of an incident," McGuinness explained.

The government is also rolling out a phased approach for smart device manufacturers, giving them time to comply with the new security standards. McGuinness urged all companies to engage with the legislation and understand its implications: "I encourage you all to engage with this legislation and understand the opportunities and also what it means for you and companies."

A major public awareness drive is underway, building on last year's "Stay Secure" campaign. The campaign's reach has expanded to television and social media, targeting everyday Australians in an attempt to make cyber security second nature.

"It's about behavioural change," McGuinness said. "Cyber security is everyone's business. It's not a niche topic, but a whole of nation conversation and endeavour."

During the keynote, she strongly encouraged the audience to discuss cyber safety not just at work, but with families and friends.

"By having these conversations and taking the simple actions that the campaign advertises is really going to uplift us and help us all be safeguards as we get involved as a platform centric society."

McGuinness painted a stark picture of the growing threat, noting that scams and cyber crime have become a "well resourced and well informed industry." While the self-reported cost of cyber crime to businesses is falling overall, small businesses and individuals are feeling greater financial pain.

"The small businesses are reporting that their cost is increasing. It's up 8% on last year to just under $50,000, and the cost for individuals is also up to around $30,000," she said. "Ninety-two percent of businesses in Australia are categorised as small businesses."

Many of these smaller entities lack dedicated IT security teams, leaving them vulnerable. "We need to make them a smaller target, to starve the criminals and ensure that they understand what to do when an incident happens," McGuinness said. "We need our small businesses to continue to innovate, for all of them to thrive and not be harmed or indeed paralysed by cyber security incidents."

Australia's adversaries, she warned, are both "responsive and adaptive."

The rise of malware-as-a-service and do-it-yourself cybercrime tools means "the cost of entry is relatively low for some criminals," and attacks are becoming more industrial in scale. "A big part of my job is to help us move as a nation from a position of playing catch up and reacting to being a leader and being steps ahead," she said.

Partnership between government and the private sector is, in her words, "absolutely the jewel in our crown." The next phase of the cyber strategy, running from 2026 to 2028, will focus on operational maturity and building resilience.

"It's where we must move from planning to performance, from building to embedding, and from reacting to resilience and running recovery," McGuinness explained.

Looking ahead, the government will continue to focus on education, support for small businesses, intelligence sharing and critical infrastructure protection.

Despite a string of high-profile breaches in recent years, Australia has yet to experience a catastrophic attack on essential services. "We must continue to evolve and thrive to ensure that those things are seen in Hollywood never actually went away," McGuinness said.

Reflecting on the achievements so far, McGuinness insisted that building a secure digital nation requires "everyone's participation."

"Cyber security is a national security issue, and we need the whole nation to be part of it."
