AUSTRALIA will undertake an economy-wide revamp of its cybersecurity protections including revised data laws, mandatory reporting and a new nationwide cyber council in response to several significant hacks targeting businesses and infrastructure over the past year.

Home Affairs Minister Clare O’Neil announced the cybersecurity strategy on Wednesday in Sydney, including A$586.9 million (S$515 million) in new funding to protect firms and individuals, defend critical infrastructure and bolster sovereign capabilities.

Australia has been in a “cyber slumber” in recent years, leaving the country exposed, O’Neil said in a statement ahead of the release.

The minister said Australia now aimed to be a world leader in cybersecurity by 2030 and that the new strategy would “enable us to bounce back faster from attacks that we cannot prevent.”

“We will put cyber criminals on notice, and we will fight back against the threat,” she said in the statement.

The government’s announcement comes after several damaging cyberattacks on major Australian businesses and infrastructure in the past year. These have seen sensitive data stolen and resulted in major disruptions to supply chains. 

GET BT IN YOUR INBOX DAILY

Start and end each day with the latest news stories and analyses delivered straight to your inbox.

Sign UpVIEW ALL

Almost 40 per cent of Australia’s ports were hit by a cyberattack on DP World earlier this month, which led to a backlog of thousands of containers across the country.

In late 2022, communications provider Optus and private health insurer Medibank were hit by hacks, which saw private consumer data leaked onto the internet.

Under the new cybersecurity strategy, the government will take measures to better protect consumer data and improve coordination on preventing hacking attempts.

O’Neil has committed to work with businesses to create a mandatory reporting structure for ransomware attacks, under which victims could report an attack under a “no fault, no liability” system.

The government will establish an Executive Cyber Council that will work with industry leaders to share information on cybersecurity threats and improve collaboration between the public and private sectors. In addition, telecommunications providers will be treated as critical infrastructure, both improving the protections for consumers and raising the penalties for cybersecurity failures.

Government data retention requirements will also be revised to examine how much personal data needs to be stored by companies.

The restrictions have previously come under criticism by privacy advocates following leaks of personal information such as passports and contact information which companies were forced to hold for long periods of time under government legislation. BLOOMBERG