Login
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUM MEDIA
With the government enacting more stringent cyber security reforms, the director and senior legal writer from practical law at Thomson Reuters discuss how this has forced law firms to prioritise cyber security as a critical area of focus.
The cyber security landscape in Australia has undergone a significant transformation since the introduction of the Cyber Security Legislative Package to Parliament last October. With the passage of these legislative reforms, law firms are now required to adopt a more rigorous approach to address cyber security concerns.
In a recent live stream hosted by Lawyers Weekly in collaboration with Thomson Reuters, Tim Perry, the director of practical law at Thomson Reuters, and Louise Sinclair, a senior writer in cyber security law for practical law, shared how cyber security has emerged as a top priority for all law firms and key developments that legal professionals should be aware of in this evolving landscape.
In the same webcast, they shared insights into potential reforms from the Dutton-led Coalition that could significantly impact employee rights and business regulations and discussed the most significant reforms in employment law that are expected to have a substantial impact.
Sinclair said she was “really shocked” at the announcement of the Cyber Security Legislation Reform Package but emphasised that this initiative serves as a means to implement Australia’s cyber security strategy for 2023–2030.
The announcement regarding these legal reforms, as explained by Sinclair, represents a continuation of the government “really emphasising [its commitment prioritising] cyber security”.
She stressed how cyber security is now “not only a business issue [but] it’s a national issue”, with the recent reforms to cyber security legislation compelling all organisations to place cyber security “at the top of their list” of agendas.
This shift is not limited to Australia, with cyber also showing up as a top priority in the UK and the US.
She shared that this is the case as there is an increasing demand for “more resources to manage cyber risk and to uplift the cyber security of their organisations”.
One notable legislative reform that Sinclair highlights for firms to consider is the establishment of “mandatory ransomware reporting obligations”, which have been introduced under the country’s first standalone Cyber Security Act.
Sinclair highlighted that these new obligations, which pertain to “organisations that have a turnover over $3 million”, will mandate firms to report any ransom payment “within 72 hours” of making the payment or upon “becoming aware of a ransomware payment being made”.
“It’s very much in step with the government wanting full and frank disclosure from the private sector around cyber incidents. They’ve wanted to know about cyber ransomware payments for a long time, but there has been that tension with providing information to the government because of, you know, fear of reprisals further downstream in relation to litigation risk and regulatory action,” she said.
Perry emphasised that the recent changes in the cyber security legislative landscape place “the onus on leaders of law firms” to ensure that their cyber security defence mechanisms are robust and adequately prepared for potential breaches.
Get breaking news
Grace Robbie
