Australia is considering a new law that would mandate the reporting of ransom payments as a strategy to combat the escalating threat of cybercrime, particularly ransomware attacks. The proposed legislation, influenced by the US Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), aims to enhance transparency in dealing with ransomware incidents. The law targets businesses in Australia, especially those experiencing a significant rise in cyber threats, with an emphasis on businesses making ransom payments to gangs.

Australia is considering mandatory reporting of ransom payments

After initially considering a ban on ransom payments altogether, the government shifted its focus to mandatory reporting, aiming to find a balance between deterrence and practicality for businesses. The law would require businesses with an annual turnover exceeding $3 million AUD to disclose any ransom payments made, giving authorities better insight and helping them track and prosecute cybercriminals effectively. Despite concerns about potential disadvantages for small and medium enterprises due to compliance costs, the law is intended to encourage organizations to reassess their cybersecurity strategies and invest in proactive measures, ultimately driving a cultural shift towards prioritizing cybersecurity at all organizational levels.
https://www.tripwire.com/state-of-security/australia-considers-mandatory-reporting-ransom-payments