Cybersecurity and critical infrastructure

The Cyber and Infrastructure Security Centre (CISC) is consulting on proposed new rules to support the implementation of the Government’s recently assented Omnibus Cyber Security and Critical Infrastructure Package. Consultation closes on 14 February 2025.

24 January 2025

The Government’s legislative package that implements a range of initiatives aimed at improving Australia’s cyber security consistent with its 2023-2030 Cyber Security Strategy has now been passed and is awaiting Royal Assent.

27 November 2024

The Government has released a legislative package that implements a range of initiatives aimed at improving Australia’s cyber security consistent with its 2023-2030 Cyber Security Strategy.

14 October 2024

Trust, safety, security and the regulators’ rise were central to messages shared across the 11 sessions at the KWM Digital Future Summit 2024, which culminated in a focus on the technology and innovation that is at the heart of our energy transition.

03 September 2024

Responsible entities who are subject to the Security of Critical Infrastructure (Critical infrastructure risk management program) Rules (LIN 23/006) 2023 (CIRMP Rules) are required to submit their first annual report within 90 days of the end of the financial year (by 28 September 2024). Responsible entities should now be taking steps to prepare the annual report to ensure it is ready to submit by the deadline.

10 July 2024

ASX updated Guidance Note 8 to include a new example addressing a cyber incident.

27 June 2024

Following recent high profile cyber breaches, ASX has included a new data breach worked example in its updated Guidance Note 8 (effective 27 May 2024).

20 May 2024

Responsible entities of critical infrastructure assets who are subject to the Security of Critical Infrastructure (Critical infrastructure risk management program) Rules (LIN 23/006) 2023 (Rules) must comply with a designated cyber security framework (or an equivalent framework) by 18 August 2024.

15 March 2024

The Security of Critical Infrastructure Act (SOCI Act) is again being expanded, this time as part of the Australian Government’s 2023-2030 Cyber Security Strategy.

21 February 2024

The Government’s 2023-2030 Cyber Security Strategy aims to make Australia the most cyber secure nation and a global leader in cyber security by 2030

05 December 2023

Regulated organisations have been warned to address significant gaps in their cyber security and resilience following ASIC’s latest cyber pulse survey.

29 November 2023

The OAIC’s latest report on the Privacy Act’s notifiable data breach scheme reveals a declining number of notifications.

06 September 2023

On 17 July 2023, the Australian Prudential Regulation Authority (APRA) released the long awaited final Prudential Standard CPS 230 Operational Risk Management (CPS 230) following extensive industry consultation. CPS 230 will replace the current APRA Prudential Standards for Outsourcing (CPS 231 / SPS 231 / HPS 231) and Business Continuity Planning (CPS 232 / SPS 232) so that CPS 230 will become the core standard for APRA-regulated entities when outsourcing services and managing other operational risk (including business continuity).

03 August 2023

The UK Supreme Court in a landmark judgment (Philipp v Barclays Bank UK Plc [2023] UKSC 25) has unanimously held that a bank does not have a common law duty to customers to refrain from acting on their instructions where the bank believes the customer is the victim of an authorised push payment scam.

14 July 2023

The Australian Prudential Regulation Authority (APRA)’s initial round of tripartite cyber assessments of regulated entities against prudential standard CPS 234 (CPS 234) has revealed significant control gaps in relation to their compliance with the requirements of CPS 234.

12 July 2023

The Minister for Finance, Senator the Hon Katy Gallagher, recently launched for consultation a draft Data and Digital Government Strategy: The data and digital vision for a world-leading APS to 2030 (Draft Strategy). You’re invited to make comments on the Draft Strategy by 25 July 2023.

07 July 2023

Fraud is one of the thorniest problems for banks and their customers globally, with billions of dollars of leakage to opportunists, criminal syndicates and thieves. The Hong Kong Monetary Authority (HKMA) has recently announced Hong Kong’s newest institutional financial crime tool – FINEST. The initiative was launched in collaboration with the Hong Kong Police Force (HKPF) and The Hong Kong Association of Banks (HKAB). King & Wood Mallesons was delighted to serve as legal advisor on the project. This alert summarises the key points to know.

30 June 2023

The Australian space industry has cause for excitement after a joint statement issued by the Prime Minister of Australia and the President of the United States on 20 May 2023.

26 May 2023

Released in February this year, the Government’s long-awaited Privacy Act Review Report (Report) contains 116 proposals for privacy reform. In this, our second article in the Privacy Bytes series, we take a closer look at the new individual rights the Report proposes to include or expand in the Privacy Act.

09 May 2023

The increasing regularity of high-profile cyber incidents is a constant and costly reminder that effective cyber resilience is fundamental to realising the promised benefits of digitisation. Australia is among many countries seeking to reboot its cyber defences.

08 May 2023

The Security of Critical Infrastructure (Critical infrastructure risk management program) Rules (LIN 23/006) 2023 (CIRMP Rules) have now been made and came into force with effect from 17 February 2023.

20 February 2023

The Australian Cyber Security Centre (ACSC) has just released its Annual Cyber Threat Report covering the period July 2021 to July 2022 (Report). It will probably surprise nobody that along with the international security environment more broadly, the cyber threat landscape has deteriorated markedly over the review period.

08 November 2022

The Government has introduced legislation that will significantly increase maximum penalties under the Privacy Act.

26 October 2022

Data is increasingly being treated as a core business asset in M&A transactions. In this context, management of data is about deriving and preserving its value, and limiting reputational, regulatory and contractual risk.

24 October 2022

The Minister for Home Affairs has commenced consultation on the proposed risk management program (RMP) under the amended Security of Critical Infrastructure Act 2018 (SOCI Act). Consultation is open for 45 days from Wednesday 5 October 2022 until Friday 18 November 2022.

07 October 2022

Lloyd’s of London has directed that commencing in March 2023, underwriters are to exclude losses arising from any “state backed cyber-attack” from all standalone cyber-attack policies.

05 October 2022

With the ever-quickening pace of technological change, it is as vital a time as ever to look at the current state of privacy law and prepare for its next evolution.

04 October 2022

The insured could not recover the costs of investigating and preventing a ransomware attack, replacement hardware costs or the costs or retrieving or reconstituting affected data because the cyber policy excluded ‘indirect and consequential loss’ and limited loss or damage to electronic data, media or information to the costs of replacement media and labour costs for transcription and copying.

30 August 2022

Global crypto markets are no stranger to volatility. We have been here before. At the same time, with Australia’s first crypto ETFs launch, we are also seeing a significant uptick in Australian market entry for major international crypto players, as well as the continued expansion of home-grown service providers and developers. Banks are also entering the fray.

26 May 2022

We are barely finished with the first quarter of the calendar year and already we have seen multiple “hacks” in the crypto space that have resulted in the losses of over US$1 billion.

16 May 2022

In a landmark judgment, the Federal Court has found that an Australian financial services licence (AFSL) holder contravened its general AFSL obligations under Corporations Act 2001 (Cth) (Act) by failing to have and to implement documentation and controls in respect of cybersecurity and cyber resilience that were adequate to manage risk.

12 May 2022

The Australian Government has released a discussion paper on data security for public comment, as part of the ongoing development of Australia’s National Data Security Action Plan (Action Plan).

22 April 2022

The asset register reporting requirements and the cyber security incident notification obligations under the Security of Critical Infrastructure Act 2018 (Cth) have now been enlivened.

13 April 2022

The Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) has been passed by the Senate and the House of Representatives.

01 April 2022

New, stronger criminal offences applicable to cybercriminals proposed with extraterritorial application. Modernised powers to investigate and seize digital assets, including cryptocurrency, introduced.

25 February 2022

Yet the ancient origin of the word goes to the essence of today’s regulatory tension: ‘crypto’ has its origin in the Greek word ‘kruptos’, meaning ‘hidden’. Governments and regulators around the world are working to bring crypto assets into view.

22 February 2022

Written by Sean Field.

01 February 2022

The increasing regularity of high-profile cyber incidents is a constant and costly reminder that effective cyber resilience is fundamental to realising the promised benefits of digitisation. Australia is among many countries seeking to reboot its cyber defences.