Sydney (Reuters) – Australia will give cyber health checks for small businesses, increase cyber law enforcement funding and introduce mandatory reporting of ransomware attacks under a security overhaul announced on Wednesday after a spate of attacks.
The federal government said it will also subject telecommunications firms to tougher cyber reporting rules which apply to critical infrastructure, seek migrants to build up the cyber security workforce and set limits on inter-agency data sharing to encourage people to report incidents.
The A$587 million ($382 million) plan shows the centre-left Labor government trying to get on the front foot after a year in which nearly half the country’s 26 million population had personal information stolen in just two data breaches at companies, while a cyber attack at its biggest port operator this month brought supply chains to a standstill.
“We cannot continue as we have,” Cyber Security and Home Affairs Minister Clare O’Neil told reporters in Sydney.
“We can’t have a situation where we have data flying around the country, where we have critical infrastructure starting to fail, where we have small business and citizens who are continually telling us they feel vulnerable and unable to cope with the cyber threats themselves.”
Cybercrime reports in Australia jumped by nearly a quarter in the year to June, with the average cost to victims up 14%, the Australian Cyber Security Centre said in a report this month, which noted a new defence agreement with the U.S. and Britain had made the country a bigger target.
Unveiling the seven-year strategy, O’Neil said that while large businesses received some of the biggest cyber attacks, they typically recovered, but attacks on small and medium-size businesses could be terminal.
The Australian Securities and Investments Commission (ASIC) said this month that 44% of companies it surveyed had no plan to stop data breaches originating from supply chain partners.
“The current cyber security and privacy legislation landscape has evolved considerably in recent years, and in the process has become fragmented,” said Aidan Tudehope, co-founder of Macquarie Technology, which supplies data services for 42% of federal agencies.
“Minister O’Neil’s Strategy establishes cyber security as a unifying nationwide endeavour,” he added.
Under the strategy the government said it would set up a single portal for reports of cyber attacks and encourage people and businesses to report by introducing laws preventing the sharing of personal data with other government agencies.
The government would meanwhile seek to cut the amount of customer data companies were required to keep.
Breaches in 2022 on No. 2 telco Optus, which is owned by Singapore Telecommunications, and No. 1 health insurer Medibank Private exposed information stored sometimes years earlier including data belonging to people who were not customers.
($1 = 1.5366 Australian dollars)