AICD submission on cyber security legislative reforms

Thursday, 07 November 2024

On 25 October the AICD made a submission to the Parliamentary Joint Committee on Intelligence and Security review of the cyber security legislative reform package.


The AICD submission considered that the proposed reforms achieve a balance between new targeted cyber security regulations and avoiding unnecessary and counterproductive compliance requirements for businesses and their boards.

Our key points on the proposed reforms were:

  • We supported the introduction of a ransomware payment reporting framework, recognising that the objective of this new reporting obligation is to enable a more complete intelligence and threat picture of ransomware activity in the Australian economy. We recommended that the turnover threshold for businesses caught under the regime be set at a level (for example $10m) where the business has the requisite resources and awareness to meet the reporting obligation.
  • We strongly supported the introduction of a limited use obligation on the National Cyber Security Coordinator (Cyber Coordinator) and Australian Signals Directorate (ASD). We recommended the obligation be broadened to explicitly cover the ‘recovery’ phase of an incident and not just the immediate response.
  • We supported the establishment of a Cyber Incident Review Board (CIRB) and recommended the CIRB be allowed to undertake thematic or industry-wide reviews. We also considered the CIRB should not be allowed to undertake an incident review concurrent with other Commonwealth regulatory investigations and should be explicitly required to consult with the impacted business on its reports.
  • We recommended that the Explanatory Memorandum to the SOCI Act Bill provide further detail and examples on the use of the Ministerial consequence management directions powers. Given the breadth and largely unfettered nature of the proposed powers, there is a risk that the powers will be utilised in instances that are inconsistent with the stated policy intent of responding to national emergency and multi-asset critical failures.
