Ransomware is an increasing threat to businesses globally, with significant financial and operational impacts. The Australian government has recently introduced new legislation to enhance cybersecurity measures, including mandatory reporting of ransomware payments and stricter regulations to protect critical infrastructure. From January 2025, businesses must implement effective cybersecurity measures to comply with these regulations in a continually evolving threat landscape.
Ransomware and data theft extortion remain the most pervasive threats to businesses today. The impact of ransomware attacks has been felt significantly in Australia, both financially and operationally. The government is stepping up efforts to tackle the issue with new legislation.
The Australian Signals Directorate (ASD) registered 9% more extortion-related cybersecurity incidents in 2023‒2024 compared to the previous financial year. About 71% of these incidents involved ransomware.1
1 "Annual Cyber Threat Report 2023‒2024," Australian Signals Directorate, 20 Nov 2024.
2 "New Law in Australia Will Require Mandatory Reporting of Ransomware Payments," The Record, 10 Oct 2024.
3 "Cyber Security Bill 2024," Parliament of Australia, accessed 26 Nov 2024.
4 "Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024," Parliament of Australia, accessed 26 Nov 2024.
5 "Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024," Parliament of Australia, accessed 26 Nov 2024.
6 "Government Introduces Landmark Cyber Security Legislation," Australian Government, 09 Oct 2024.
7 "Cyber Security Bill 2024: Australia's First Whole-of-Economy Cyber Security Law Revealed," Lander & Rogers, accessed 26 Nov 2024.
Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient's industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers' control.
Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.
Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312
