What is

Mandatory Ransomware Payment Reporting laws

Australia's world-first mandatory ransomware payment reporting laws, enacted under the Cyber Security Act 2024, requires businesses with an annual turnover exceeding AUD$3 million and critical infrastructure operators to report ransomware payments within 72 hours.

Mandatory Ransomware Payment Reporting laws

in more detail

The Cyber Security Act 2024 (Cth) commenced on 20 May 2025 and requires entities to report ransomware payments to the Australian Signals Directorate within 72 hours of making a payment. This applies to operators of critical infrastructure and businesses with annual turnover exceeding $3 million. Non-compliance may attract penalties for non-compliance.

RELATED TERM

Trigger Event

System Failure

Transaction Fraud

Supply Chain Attack

Social Engineering

Silent Cyber

Phishing

Service Degradation

Resilience Measures

Security Event

Security Awareness Training

Privacy Impact Assessment (PIA)

Mean Time to Recovery (MTTR)

Notification Failure

Operational Disruption

Multi-Factor Authentication (MFA)

Malware Propagation

Infrastructure Failure

Identity Theft

External Threat

Incident Response Plan

Governance Failure

Ethical Hacking

Email Compromise

Encryption Failure

Disaster Recovery

Electronic Data

Digital Forensics

Dependent Service Interruption

Data Theft

Denial of Service (DoS)

Data Subject Access Request (DSAR)

Data Retention Period

Data Retention Failure

Data Integrity Loss

Cyber War / Acts of War Exclusion

Cyber Theft

Cyber Extortion Demand

Credential Stuffing

Breach Coach

Botnetting

Business Email Compromise (BEC)

Cyber Event

Application Outage

Malware

Business Continuity Plan

Bodily Injury

Access Control Failure

Account Takeover

Zero Trust

Zero-Day Exploit

Vulnerability

Unauthorised Modification

Unauthorised Access

Third-Party Dependency

Service Interruption

Third-Party Liability

Security Breach

Recovery Time Objective (RTO)

Ransomware

Qualified Incident Response Firm

Outsourced Service

Known Threat Actor

Hacker

Host System

Approved Provider / Panel Vendor

Direct Financial Loss

Incident Response

Cyber Extortion

Cryptojacking

Eligible Data Breach

Notifiable Data Breaches (NDB) scheme

Data Breach

ALL CATEGORY

Tradies

Cyber

Generic

Mandatory Ransomware Payment Reporting laws

|

Cyber

RELATED TERM

ALL CATEGORY

Navigation

Insurance

Other Links