Cybersecurity 2025

AUSTRALIA Law and Practice Contributed by: Dennis Miralis and Jack Dennis, Nyman Gibson Miralis

is further able to cancel or impose conditions on licences and accreditations. ACMA also has the ability to commence civil proceedings or refer matters for criminal prosecution. Additionally, the Office of the eSafety Commis - sioner (the “eSafety Commissioner”) has pow - ers to promote and regulate online safety with respect to telecommunications, broadcasting and other online industries. However, the eSafe - ty Commissioner cannot investigate matters of cybercrime. Penalties range from takedown notices and blocking directions. Corporations, Consumers and Financial Services Cybersecurity The ASIC is Australia’s corporate, market and financial services regulator, is empowered under the Corporations Act to investigate and bring actions against corporations, directors and offic - ers for non-compliance with the Corporations Act, which, in some circumstances, may involve cybersecurity issues. It regulates publicly listed corporations under the Corporations Act and may investigate issues which touch on cyber - security. The APRA regulates certain finance, banking, insurance and superannuation entities and issued information security standards CPS 234. APRA has powers to supervise, monitor and intervene in matters of cybersecurity for regu - lated entities and has a range of enforcement powers to deal with breaches of its standards. Such powers involve APRA issuing infringement notices, providing directions or enforceable undertakings, imposing licensing conditions, disqualifying senior officials and commencing court-based action. The ACCC is Australia’s competition regulator and consumer protector, may, where appro -

priate, undertake enforcement action against breaches of the Consumer Act, including breaches involving cybersecurity, cybercrime and cyberscam issues. The ACCC additionally: • administers the Consumer Data Right (CDR) regime; • co-regulates (with OAIC) the Digital ID Act; and • hosts the Scamwatch website which pro - vides public information, alerts and access to complaints mechanisms on a wide range of consumer scams, including scams perpe - trated online. Also relevant for the financial sector is that OAIC regulates the aspects of the Privacy Act which deal with credit reporting obligations and the credit reporting code, which imposes certain conditions on entities that hold credit-related personal information. Cybercrime Cybercrime at the federal level is investigated and enforced by the AFP and prosecuted by the CDPP. The AFP have a dedicated cybercrime operations team comprising investigators, tech - nical specialists and intelligence analysts who operate across multiple jurisdictions to conduct cyber-assessments and to triage, investigate and disrupt cybercrime. More specifically: • ACIC is Australia’s national criminal intel - ligence agency – it has broad investigative and coercive powers and shares information between all levels of law enforcement; • AUSTRAC is the domestic watchdog for Australia’s anti-money laundering and counter-terrorism measures – it supports law

15

CHAMBERS.COM

Powered by