To pay or not to pay the ransom? Organisations may find their decision easier with government guidance

By Cameron Abbott, Rob Pulham and Jacqueline Patishman

The Cyber Security Advisory Committee (an industry-based advisory panel established by the Minister for Home Affairs to provide independent strategic advice on Australia’s cyber security challenges) has recommended in its annual report that the federal government develop a clearer policy position on the payment of ransoms by organisations that have suffered ransomware attacks.

The push towards a stronger ransomware position from the government follows the range of ransomware attacks that we have been blogging about and coincides with the introduction of a private member’s bill, the Ransomware Payments Bill, which proposes to make it mandatory for Australian businesses and government agencies to notify the Australian Cyber Security Centre (ACSC) before paying a ransom.

In addition to guidance on ransomware payments and increased awareness and efficacy in managing cyber threats, the committee has recommended that the government focus on the following in the next 12 months:

  • Cyber security awareness raising
  • Workplace readiness
  • Elevated profile for Australian Cyber Security Centre’s Joint Cyber Security Centres
  • Australia’s International Cyber and Critical Technology Engagement Strategy
  • Evaluation and measuring cyber security maturity
  • Best Practice Regulation Taskforce
  • Ransomware
  • Cryptocurrency

As the sophistication and availability of computing power increase, current encryption technology becomes insufficient to keep data secure. The committee has recommended that the government invest in uplifting the quantum encryption technology it employs to maintain the confidentiality of the data it protects, and drive incentivised research and development funding in this area.

For more detail about the committee’s recommendations, see its report here.

Copyright © 2019, K&L Gates LLP. All Rights Reserved.