Australia’s New Cyber Security Legislative Package: Suggested Next Steps for SMBs

Updated: Jan 31


The Australian government has introduced the Cyber Security Act 2024, bringing new regulations aimed at strengthening the nation’s defences against cyber threats. While large corporations may have the resources to adapt quickly, small and medium-sized businesses (SMBs) face unique challenges in meeting these new requirements. Understanding the key aspects of the Cyber Security Legislative Package is essential for SMBs to ensure compliance and protect their businesses from cyber risks. Below is an outline of the key changes and a rundown of suggested action items for SMBs to consider.


Key Changes Affecting SMBs


1. Mandatory Security Standards for Smart Devices

The Act requires that all smart devices sold in Australia meet specific security standards. For SMBs, this means evaluating the security of smart devices used in daily operations, from office routers to internet-connected payment systems. Businesses will need to ensure that the products they purchase comply with these new standards or risk non-compliance.


What SMBs should do next:

  • Verify security certifications when purchasing smart devices.

  • Update firmware and software regularly to patch vulnerabilities.

  • Implement network security measures, such as firewalls and VPNs.

 

2. Mandatory Reporting of Ransomware Payments


If a business falls victim to a ransomware attack and chooses to pay, it must report the payment to the government within 72 hours. This regulation is designed to increase transparency and help authorities track cybercriminal activity.

What SMBs should do next:

  • Establish a cybersecurity response plan, including steps to take if hit by ransomware.

  • Train employees on how to recognise phishing attempts and ransomware threats.

  • Work with cybersecurity professionals to improve data backups and recovery processes to avoid paying ransoms.


3. Cyber Incident Review Board (CIRB)


The new Act establishes a Cyber Incident Review Board (CIRB) to analyse significant cyber incidents and provide recommendations. This presents an opportunity for SMBs to learn from past incidents and adopt best practices in cybersecurity.

What SMBs should do next:

  • Stay informed on CIRB recommendations and industry best practices.

  • Participate in cybersecurity workshops and government initiatives.

  • Regularly review and update security policies based on CIRB findings.

 

Industries at High Risk


Certain industries face greater cybersecurity risks due to the sensitive data they handle. SMBs operating in these sectors should make an extra effort to level up their cybersecurity game:


  • Healthcare – Patient records are valuable targets for cybercriminals.

  • Financial Services – Small accounting firms and fintech startups are increasingly targeted.

  • Retail & E-commerce – Payment fraud and customer data breaches are growing concerns.

  • Manufacturing & Supply Chain – Cyberattacks can disrupt operations and lead to significant losses.

  • Professional Services – Law firms, consultants, and IT providers hold sensitive client data.

 

Final Thoughts


The main aim of the Cyber Security Act 2024 appears to be getting businesses to work collaboratively with government agencies to improve cyber resilience, which makes sense given that the range and impact of cyberattacks are increasing every day. For SMBs, taking proactive steps now will reduce risks and help avoid costly penalties.


Practical Steps for all SMBs:

  • Conduct a cybersecurity risk assessment to identify vulnerabilities.

  • Develop an incident response plan tailored to your business.

  • Invest in cybersecurity training for employees.

  • Leverage government resources and grants to upgrade security infrastructure.


While the new cybersecurity regulations introduce additional responsibilities for SMBs, they also present an opportunity to strengthen security and build trust with customers. By proactively addressing these changes, small and medium-sized businesses can safeguard their operations, comply with regulations, and contribute to a safer digital economy.

Global Tech Partners makes cybersecurity simple for SMBs looking to begin their cybersecurity journey. We offer three tailored solutions:


  1. Self-Managed Cybersecurity – Tools and guidance to secure your business independently.

  2. Managed Cybersecurity – Expert-led protection for ongoing security and peace of mind.

  3. Advanced Support – Comprehensive solutions for larger businesses or those operating within high-risk business sectors.


Hey, we understand that everything ‘Cybersecurity’ can be just a jumble of technical jargon for many business owners, and that's why our services are easy, simplified, effective, and designed and priced for SMBs.
