Cyber Security and Privacy in Australia: The Changing Landscape and What it Means for You

The Rising Tide of Cybercrime in Australia

As digital connectivity deepens its roots in our everyday lives, the threat of data breaches has become more prevalent, particularly in wealthy nations like Australia and among early-stage start-up businesses. The year 2022 marked a turning point in the Australian consciousness regarding cybercrime, with a staggering 76,000 reports of cybercrime, a 13% increase from the previous year. Ransomware, especially, has emerged as a formidable tool in the arsenal of cybercriminals, affecting every sector of the Australian economy and leading to a significant 14% increase in the costs associated with cybercrime reporting.

The Current Regulatory Maze

Australia’s regulatory frameworks for privacy and cyber security are complex and fragmented, making them challenging to navigate. This complexity is out of step with international norms, such as the GDPR in Europe. This article delves into the ongoing proposals, reforms, and review processes shaping Australian laws and regulations in these critical areas.

1. Privacy Act Review

A comprehensive review of the Privacy Act 1988 is underway, with significant changes anticipated to align more closely with GDPR-style regulations. Key proposed changes include broader definitions of personal information, stricter anonymization requirements, and increased obligations around transparency and consent. The introduction of new individual rights, such as the 'right to be forgotten' and a statutory tort for breach of privacy, signals a shift towards enhanced protection of personal data.

2. APRA and ACCC-Regulated Entities

Reforms impacting entities regulated by the Australian Prudential Regulation Authority (APRA) and the Australian Competition and Consumer Commission (ACCC) include new prudential standards for managing cyber security risk and measures to safeguard consumers from data breaches.

3. Telecommunications Sector Security Reforms (TSSR)

The TSSR have amended the Telecommunications Act 1997, imposing new obligations on carriers and carriage service providers (CSPs) to protect networks from unauthorized access and to notify the government of changes that could affect security.

4. Proposed Legislation to Combat Ransomware

The Coalition Bill and Labor Bill are key legislative proposals targeting ransomware. These include new criminal offenses, enhanced enforcement powers, and mandatory reporting requirements for ransomware attacks.

5. The Enforcement Act and SOCI Act Reforms

The Enforcement Act has significantly increased penalties for privacy breaches. Meanwhile, the SOCI Act reforms have broadened the scope of obligations for critical infrastructure sectors, introducing new cybersecurity measures and incident response requirements.

6. Navigating the Future

As the cybercrime landscape evolves, so too must Australia’s regulatory framework. The challenge lies in creating efficient, effective, and streamlined regulations that minimize complexity and avoid redundant compliance measures. The Australian government is working towards aligning with international standards, such as the European NIS2 Directive, and enhancing protections for personal information and business resilience in the digital era.

The journey towards robust cyber security and privacy protection in Australia is ongoing. It requires the active collaboration of government, industry, and individuals. As we navigate these changes, staying informed and prepared is key to safeguarding our digital future.

Connect with us at Allied Legal on 03 8691 3111 or drop us an email at to discuss how you can better address your cyber security and privacy policy obligations.

*The insights presented in this article are derived from ‘Shifting sands: Reform in Australian privacy and cyber security regulation’ published to PwC Publications by Adrian Chotar, James Patto and Annie Zhang.
