26 July 2022

New Cyber Incident Reporting Rules May Catch Some Industries Unaware

Insights Resources

Expanded rules to the Security of Critical Infrastructure Act (the SOCI Act) may catch many businesses unaware. The Act came into effect on 8 April 2022 with a grace period of three months, ending on 8 July 2022.

The expanded rules include the mandatory reporting of cyber security incidents to the Australian Cyber Security Centre (ACSC) by regulated entities under Part 2b of the SOCI Act. Within these organisations, if you become aware that a critical cyber security incident has occurred or is occurring, AND the incident has had, or is having, a significant impact on the availability of your asset, you must notify ACSC within 12 hours after you become aware of the incident. If you become aware that a cyber security incident has occurred or is occurring, AND the incident has had, is having, or is likely to have, a relevant impact on your asset, you must notify ACSC within 72 hours after you become aware of the incident.

Cyber incident

In the information provided by the Cyber and Infrastructure Security Centre, the SOCI Act now applies to 11 critical infrastructure sectors:

  • electricity
  • communications
  • data storage or processing
  • financial services and markets
  • water
  • health care and medical
  • higher education and research
  • food and grocery
  • transport
  • space technology
  • defence industry

The SOCI Act has three essential security obligations that can be activated at different times for particular sectors. Certain entities will be required to:

  • Provide operational and ownership information to the Register of Critical Infrastructure Assets
  • Report all cyber incidents which may impact the delivery of the essential services those assets provide to the Australian Cyber Security Centre
  • To adopt, maintain and comply with a written risk management program. That program will need to identify and mitigate ‘material risks’ to your critical infrastructure asset. (Note: This obligation is not yet enforceable but it will be in the near future)

Cyber crimes

Conclusion

The importance of data and cyber security has never been as crucial as it is now. With statistics of over 67,500 cybercrimes reported to ACSC during the 2020-21 financial year, up 13% from the prior year, these numbers are expected to increase again when the 2021-22 report is released. The time to act is now! Make sure to implement an Incident Response Plan today and test this regularly as it’s no longer a case of if but when.

Super-charge the legal function with intelligent automation

Introducing Lawcadia’s powerful new automation engine, Lawcadia Intelligence™. Highly configurable, no-code automation and logic-based workflows, with a unique plug-in architecture to support new functionality and ease of systems integrations. Discover the power of possibilities.

Similar articles we think you’ll enjoy.

03 August 2022
Simplifying the burden of regulatory breach reporting with the updated Gadens Breach Manager
News
READ MORE
30 June 2022
Why the future is bright for Government lawyers
Insights
READ MORE
21 June 2022
Whitepaper – The Ultimate Legal Operations Guide for In-House Counsel in 2022
Insights Resources
READ MORE

Transform your legal operations with the intelligent matter and spend management system built for in-house legal teams and their law firms with intake & triage, workflow automation, document automation, collaboration workspaces and BI reporting.

BOOK A DEMO    LOGIN