Cybersecurity 2025

AUSTRALIA Law and Practice Contributed by: Dennis Miralis and Jack Dennis, Nyman Gibson Miralis

Nyman Gibson Miralis Level 9, 299 Elizabeth Street Sydney NSW 2000 Australia Tel: +61 292 648 884

Email: dm@ngm.com.au Web: www.ngm.com.au

1. General Overview of Laws and Regulators 1.1 Cybersecurity Regulation Strategy On 22 November 2023 the Australian govern - ment released the 2023-2030 Australian Cyber Security Strategy (the “Strategy”), with the aim of strengthening Australia’s cyber defences and supporting people and businesses to be resilient to and recover quickly from cyber-attacks. Alongside the Strategy was the 2023-2030 Australian Cyber Security Strategy: Action Plan (the “Action Plan”) setting out three “Horizons”, which culminate in Horizon 3 with Australia as a leader of the global frontier in developing cyber technologies and adapting to risk and opportu - nities. Currently, Australia is in the final year of Horizon 1 (“Strengthen our foundations”) where - by it is aiming to address critical gaps, build protections and support “initial cyber maturity uplift”, with the government setting itself up for Horizon 2 (“Expand our search”) come 2026, which aims to scale cyber maturity across the whole economy, make investments and grow a diverse cyber workforce. The government has grounded its vision in six “shields” or “layers of defence” comprising the

businesses and citizens, safe technology, world- class threat sharing and blocking, protected critical infrastructure, sovereign capabilities, and resilient region and global leadership. It has set out in its Action Plan different actions and objec - tives for each shield, some of which can be seen through recent reform and others not. Notwithstanding 2025 is the final year of Horizon 1, it is also the first year that the Action Plan is set to be reviewed; and with the Federal election to take place by May 2025, there may be some changes to the strategy, purposes and actions to come. 1.2 Cybersecurity Laws Australia has a broad system of federal, state and territory-based laws which govern data pro - tection, cybersecurity and cybercrime. Data Protection Entities dealing with personal information in Aus - tralia should also be aware of their obligations with respect to: • the Privacy Act 1988 (Cth) (the “Privacy Act”), which regulates the handling of personal information by “APPs entities” pursuant to the Australian Privacy Principles (APPs);

10

CHAMBERS.COM

Powered by