The Federal Government is intensifying its battle against cybercriminals with a $600 million injection.

The government has unveiled new funding alongside a revamped cybersecurity strategy, which includes mandatory reporting of business hacks, the establishment of a board to analyse major attacks, and new regulations to prevent excessive hoarding of customer data.

Home Affairs Minister Clare O’Neil says Australia must respond to the escalating cyber threats.

“We need to act now to defend Australia from cyber threats. Australia is a wealthy country and a fast adopter of new technologies, which makes us an attractive target for cybercriminals,” Ms O’Neil said.

With cyberattacks on the rise, the updated strategy aims to enhance the resilience of citizens, businesses, and government agencies. 

Ms O’Neil has pledged to make Australia a global cybersecurity leader by 2030.

The initiative outlines six ‘cyber shields’: strong businesses and citizens, safe technology, world-class threat-sharing and blocking, protected critical infrastructure, sovereign capabilities, and a resilient region with global leadership.

Labor, committing an additional $587 million by 2030 to augment the Morrison government's $2.3 billion commitment, says it will prioritise support for small and medium businesses, public awareness, combating cybercrime, disrupting the ransomware business model, and bolstering identity security.

Key allocations include $291 million for small and medium businesses, awareness campaigns, cybercrime prevention, and identity security; $146.3 million for defending critical infrastructure and enhancing government cybersecurity; and $129.7 million for regional and global cybersecurity initiatives.

The Federal Police will receive extra resources to combat cyber gangs as part of Australia’s offensive cyber capabilities.

To address obstacles in responding to cyberattacks, the government will introduce safe harbour provisions and a no-fault, no-liability ransomware reporting obligation. 

Information that businesses share with cyber officials will be subject to limits on its use by other government bodies.

While refraining from banning ransomware payments, the government will create a “ransomware playbook” to guide businesses on dealing with such incidents. It strongly discourages payments because of the lack of guarantees regarding data access and the potential for re-targeting.

A Cyber Incident Review Board, similar to the Australian Transport Safety Bureau and inspired by the US Cyber Safety Review Board, will conduct no-fault post-incident reviews to enhance collective cybersecurity and preparedness.

Incentivising threat sharing and blocking, especially among critical infrastructure providers and internet service providers, and conducting frequent national cybersecurity exercises across the economy are also part of the new strategy.