cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Call for cyber security reforms to stop businesses buying their way out of trouble

In light of the flurry of cyber threats Australia has faced over recent months, Cyber Security Minister Clare O’Neil has signalled for several reforms that would stop large companies from paying ransom as a way to escape the consequences of large breaches.

user iconDaniel Croft
Tue, 15 Nov 2022
Call for cyber security reforms to stop businesses buying their way out of trouble
expand image

This news comes as Medibank has refused to pay hackers a ransom of $15 million to prevent the release of customer data.

“The idea that we’re going to trust these people to delete data that they have taken off and may have copied a million times is just frankly silly,” said O’Neil.

We’re standing strong as a country against this, we don’t want to fuel the ransomware business model.”


The Australian Federal Police (AFP) on Friday identified the hackers as Russian-based, something the Russian embassy in Australia has criticised.

We believe those responsible for the breach are in Russia," said AFP Commissioner Reece Kershaw.

These cyber criminals operate like a business with affiliates and associates supporting the business.

We also believe that some affiliates may be in other countries.”

The new reforms O’Neil is calling for, which would see major companies unable to buy their way out of security breaches, would also evaluate data retention. Several of those affected by the Medibank and Optus breaches hadn’t been customers for as long as a decade.

What we need to make sure is that companies are only holding data for the point in time where it’s actually useful," said O’Neil.

The call for reform comes as O’Neil and Attorney-General Mark Dreyfus announced a new task force that would be “offensively attacking” hackers and disrupting their operations before attacks could occur.

The new task force is a partnership of new policing between the Australian Signals Directorate, which is the cyber gun of the Australian public service, and the Australian Federal Police.

Dreyfus has been leading a review of the Privacy Act, which would help to solidify the data privacy of Australian citizens and further punish big businesses for not taking cyber security seriously.

The review hopes to change the penalty for businesses that suffer major breaches from the current maximum of $2.2 million to whichever is most of the following:

  • AU$50 million;
  • three times the value of any benefit or finances gained as the result of information misuse;
  • 30 per cent of the organisation’s adjusted turnover for the period.

“Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate. It’s not enough for a penalty for a major data breach to be seen as the cost of doing business,” Dreyfus said.

“We need better laws to regulate how companies manage the huge amount of data they collect, and bigger penalties to incentivise better behaviour.”

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.