24 October, 2023
Regulators are constantly updating cyber incident notification regulations to ensure that organisations are appropriately prepared for today’s digital threat environment.
No industry remains untouched by the technology and data revolution. With the great opportunities that this brings also comes the risk of cyber incidents that damage businesses and their stakeholders.
At the height of a cyber incident, organisations often scramble to remediate, investigate and secure their systems as quickly and responsibly as possible. Understanding your legal obligations relating to notification is essential to your cyber incident response process.
Key stakeholders can include regulatory bodies, law enforcement agencies, market operators, customers, suppliers, employees, insurers, joint venture partners, and the wider public.
The Australian legal landscape in this space is complex, with federal obligations supplemented by industry-specific and state-based laws. We’ve set out to make it more accessible with a short guide, Cyber Incident Notification Regulations in Australia 2023, which covers all of the following:
Privacy Act
Security of Critical Infrastructure
Telecommunications
Prudential Standards (CPS 234, 232, 230)
Consumer Data Right
ASX Listing Rules
My Health Records
New South Wales Privacy and Personal Information Protection Act 1998
Australian Capital Territory – voluntary notification regime
Victorian Protective Data Security Standards
Queensland Government Enterprise Architecture – Information Security Incident Reporting
Northern Territory Information Act 2002
Western Australian Whole-of-Government Cyber Security Incident Coordination Framework
South Australia Premier and Cabinet Circular PC042 Cyber Security Incident
Tasmanian Government Incident Management Cybersecurity Standard
Australian organisations must navigate this complex web of cyber incident notification obligations. Understanding them and staying up to date with regulatory changes is essential to mitigate risk. Failure to comply can have severe consequences, such as regulatory fines, voided insurance policies, contractual damages claims, lawsuits, loss of customers, and reputational damage. Proactive compliance needs to be a top priority for all Australian organisations.
Read the full guide: Cyber Incident Notification Regulations in Australia 2023.
James Patto