The government would fine businesses that fail to report ransomware attacks, including sensitive information about their systems, to cyber agencies under the initial proposal for its upcoming notification scheme.
Companies that are impacted by a ransomware attack, even if no ransom is paid, could be asked to provide the specific vulnerability in their system, what data was compromised and “any other relevant information about the incident or actor”.
The potential reporting requirements were floated on Tuesday in a consultation paper for potential legislative reforms to follow the National Cyber Security Strategy released last month, with stakeholders asked to give feedback over the summer.
Want to know how this story ends?
Become a subscriber for complete access to all stories on InnovationAus.com and our daily newsletter.
Do you know more? Contact James Riley via Email.