Caute_cautim
Community Champion

You have 12 hours to report an incident!! Will you comply?

Hi All

 

According to the SOCI Act in Australia, all organisations within Australia have to report an incident within 12 hours? How will this affect small, medium, enterprise organisations and what are the consequences of not complying?

 

https://ia.acs.org.au/article/2022/you-have-12-hours-to-report-a-cyberattack.html

 

Do you think this is fair?

 

Regards

 

Caute_Cautim

1 Reply
tmekelburg1
Community Champion

"A business is subject to the 12-hour time frame after it becomes aware of a critical incident, such as ransomware or unauthorised access to an asset."

 

I think that's a fair timeline especially after they become aware of the incident. I didn't read the SOCI Act but I'm assuming the Government has additional support and resources that can be utilized after reporting the incident?

 

This is one of those situations where as soon as you receive the letter as being identified as "critical infrastructure", locate the reporting website/phone number and update it in the Incident Response plan ASAP.