The Australian Government will create a “ransomware playbook” with clear guidance on how to manage ransom demands as part of a new long-term strategy to beef up the nation’s cyber security.  

The Government reiterated that it strongly discourages the paying of ransoms to cybercriminals. 

“There is no guarantee you will regain access to your information or prevent it from being sold or leaked online. You may also be targeted by another attack,” it said. 

The Insurance Council of Australia (ICA) welcomed the new 2023-2030 strategy, unveiled by Home Affairs Minister Clare O’Neil last week. It pledges almost $600 million to beef up resilience, including introducing “no-fault, no-liability" ransomware reporting obligations for business. 

The new strategy ends a “decade of sleepwalking on cyber – the fastest growing threat to Australia’s national security,” Ms O’Neil said. Australia is on track to being a world leader in cyber security by 2030, she says. 

"The strategy is bold and ambitious – and it has to be," she said. "We simply can’t continue as we are. We need to push harder, we need to get in front of this problem.”  

The ICA says it will help make Australian businesses less attractive targets.  

“The ICA remains committed to collaborating with the Australian Government and other industry stakeholders to ensure the success of this strategy and the safety and protection of customers,” a spokesperson told insuranceNEWS.com.au. "The insurance industry and our customers are not exempt from the increasing risk of cyber threats and criminals.” 

The new cyber strategy is based on 330 written responses to a discussion paper authored by an Expert Advisory Board chaired by former Axa Asia Pacific Holdings CEO Andrew Penn. 

The new funding will see $290.8 million invested in support for small and medium business, public awareness, fighting cybercrime, “breaking” the ransomware business model, and reinforcing the security of Australians’ identities. 

Strengthening critical infrastructure protections and uplifting government cyber security will receive $143.6 million, while $129.7 million will go to regional cooperation, cyber capacity uplift programs, and leadership forums. 

Smaller funding amounts will also go to building a threat-sharing platform for the health sector, accelerating the cyber industry and consumer standards for smart devices and software. 

The Government plans to review data retention legislation and will establish a new Cyber Incident Review Board to pool lessons learned from major hacks. 

See the new strategy here.