You have 12 hours to report an incident!! Will you comply?
According to the SOCI Act in Australia, all organisations within Australia have to report an incident within 12 hours? How will this small, medium, enterprise organisations and what are the consequences of not complying?
"A business is subject to the 12-hour time frame after it becomes awareof a critical incident, such as ransomware or unauthorised access to an asset."
I think that's a fair timeline especially after they become aware of the incident. I didn't read the SOCI Act but I'm assuming the Government has additional support and resources that can be utilized after reporting the incident?
This is one of those situations where as soon as you receive the letter as being identified as "critical infrastructure", locate the reporting website/phone number and update it in the Incident Response plan ASAP.