Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion
‎07-21-2022 06:38 PM
‎07-21-2022 06:38 PM

You have 12 hours to report an incident!! Will you comply?

Hi All

 

According to the SOCI Act in Australia, all organisations within Australia have to report an incident within 12 hours?  How will this small, medium, enterprise organisations and what are the consequences of not complying?

 

https://ia.acs.org.au/article/2022/you-have-12-hours-to-report-a-cyberattack.html

 

Do you think this is fair?

 

Regards

 

Caute_Cautim

Reply
0 Kudos
1 Reply
tmekelburg1
Community Champion
‎07-22-2022 10:37 AM
‎07-22-2022 10:37 AM

"A business is subject to the 12-hour time frame after it becomes aware of a critical incident, such as ransomware or unauthorised access to an asset."

 

I think that's a fair timeline especially after they become aware of the incident. I didn't read the SOCI Act but I'm assuming the Government has additional support and resources that can be utilized after reporting the incident?

 

This is one of those situations where as soon as you receive the letter as being identified as "critical infrastructure", locate the reporting website/phone number and update it in the Incident Response plan ASAP.

Reply