Australia has witnessed a 23 percent rise in cybercrime cases in 2024, with new cases increasing by 94,000 over the past year. The Australian Signals Directorate (ASD) also revealed a 10 percent decrease in proactive industry reporting on cybercrime issues from June to August 2023 compared to the previous year.

According to the Department of Home Affairs, a cyberattack occurs every six minutes in Australia, often forcing companies to pay ransoms to regain access to critical data.

This data was presented before a parliamentary inquiry into the Cyber Security Legislative Package 2024, which includes three bills.

The proposed legislation aims to implement seven initiatives under the 2023-2030 Cyber Security Strategy. This strategy seeks to align Australia with global standards and establish the country as a leader in cyber security.

Stephanie Crowe, Head of the Australian Cyber Security Centre at ASD, highlighted the concerning types of cyber incidents, including ransomware attacks and data extortion attempts.

In ransomware attacks, hackers lock down systems and demand payment, while data extortion threats involve releasing sensitive information unless a ransom is paid.

Delays Threaten Cyber Defence

Hamish Hansford, Head of the Australian Cyber and Infrastructure Security Centre at the Department of Home Affairs, stressed the importance of bringing ransom payments into the open to prevent further escalation of cybercrime.

“The payments are going to fund criminals who just get much more sophisticated through the funds that are provided to them,” he explained.

ASD officials said delays in incident reporting and limited industry engagement hinder effective threat mitigation. Further, swift information-sharing is essential to countering cyber threats.

Highlighting the value of early threat reporting, Crowe said, “when industry and small businesses are able to tell us early indications of an incident, we might be able to prevent those incidents occurring to other people, and that’s a really important part of our national function to scale defense against some of the ransomware and cyber crime incidents being reported to us.”

She referenced a 2022 case where regulatory concerns led a company to delay reporting an active cyber incident by 11 days.

“Eleven days is a very long time in cyber defence,” she said, as timely responses protect both the affected business and potential future targets.

Witnesses expressed frustration over delays in inter-agency information-sharing, urging the need for quicker response protocols.

Crowe said one of the most important functions of ASD as a national cyber security organisation is to be able to provide early warning and prevention of incidents before they happen.

$3 Million Ransomware Reporting Threshold

Officials from the Department of Home Affairs outlined efforts to improve transparency around ransomware payments by proposing a $3 million threshold for mandatory reporting.

During consultations since February 2023, stakeholders expressed mixed views, with some advocating for a zero threshold to align with the Privacy Act.

While the government discourages ransom payments, Hansford said transparency in reporting could help companies avoid future incidents. The framework is “targeted and measured,” with Australia’s requirements being less stringent than those of countries like India and Singapore.

To accommodate smaller businesses, the ASD supports the $3 million turnover threshold to balance transparency with compliance capability.

Small businesses face significant compliance challenges and ASD officials noted the importance of easing these burdens.

Enhancing Industry Collaboration

Since last year, ASD has gathered feedback through roundtables and town halls to shape its cyber security policies.

Dale Furse, chief operating officer of ASD, shared that a centralised portal website at cyber.gov.au is under development to streamline reporting.

This portal will enable businesses to report incidents, vulnerabilities, and cybercrimes in one place.

ASD has pledged to make the portal accessible for small- and medium-sized enterprises (SMEs), with support from Council of Small Business Organisations Australia and the 1300 CYBER1 hotline for direct assistance.

It believes this portal will ease compliance burdens while ensuring the swift collection of threat data.

Cybersecurity Education and Overcoming Trust Deficits

To tackle the growing issue of cyber threats, ASD is enhancing its educational outreach through the Cyber Security Partnership Program.

Last year, this initiative hosted over 450 events aimed at promoting best practices across various sectors. Key focuses include advocating for secure-by-design standards and urging businesses to rectify vulnerabilities, such as default device passwords that cybercriminals frequently exploit.

The cyber.gov.au portal complements these efforts by providing tailored guidance to different industries.

ASD said it was important to build trust within the business community to effectively combat rising cyber threats.

Crowe stated that the limited-use provision allows the ASD to respond swiftly to cyber incidents without businesses fearing regulatory repercussions.

Further, the provision under the Intelligence Services Act ensures that data reported to ASD is used solely for immediate cybersecurity purposes.

This framework is essential in encouraging smaller organisations to report incidents and engage in cybersecurity initiatives.

However, a trust deficit remains, primarily due to regulatory concerns that hinder open information sharing.

While technical staff are often willing to collaborate, internal policies can restrict their participation.

To address this, ASD is committed to transparency and the secure handling of reported data, aiming to foster a more cooperative environment essential for mitigating the increasing cyber risks facing Australia.