Caute_cautim
Community Champion

Australian Companies must report Ransomware payments to the Government

Hi All

 

Businesses that make ransomware payments to hackers will be forced to report their actions to government authorities under tough landmark legislation introduced to Parliament this week.

The Cyber Security Legislative package includes mandatory ransomware reporting for certain businesses and a mandated minimum on cyber security standards for smart devices in a bid to keep cyber criminals locked out of homes and businesses.

 

It will also see the establishment of a Cyber Incident Review Board.

The reforms, introduced under the Security of Critical Infrastructure Act 2018 (SOCI Act), aim to clarify existing obligations in relation to systems holding business critical data and simplify information sharing across industry and government.

 

https://ia.acs.org.au/article/2024/businesses-forced-to-report-ransomware-payments.html?ref=newslett...

 

How about other countries doing this too?

 

Regards

 

Caute_Cautim

1 Reply
dcontesti
Community Champion

So I read this the other day and have taken a step back to think on this one.

 

From the article:

 

The new reporting requirements are designed to help the government understand how much money is being lost to ransomware, which has been notoriously difficult to track.

 

Why does the government need this stat?  What will they do with it?

 

Yes, it provides a record of what is happening. Sorry, but the government mandate may also be a way to validate expense claims to lower taxes. I question who will be using this data. Just the government? Or will they share with others? Reputation here could become an issue. Look at organisations that reported and what happens to their stock prices, customer satisfaction, etc.

 

It will also help intelligence teams gain greater visibility over online risks, recognised as a growing national security threat.

 

I believe the teams understand the risks and I for one would rather have assistance in understanding how the governments are working to stop this.

 

It is likely that fines will be issued if ransomware payments are not reported.

 

Double taxation!

 

+++++++++++++++++++++++++++++++++++++++++++++++

 

Personally, I do not feel that it will stop any of the bad actors from attacking others but instead, could increase their activities against specific markets if they find out who is paying and what amounts?

 

Well intended but without further details, hard to say what the eventual outcome will be.

 

off my soap box

 

 

d