Companies across eight sectors, including financial services, water and data storage, have until the end of September to demonstrate they have complied with new cyber security obligations developed after 18 months of consultation and work.

Special Envoy for Cyber Security and Digital Resilience Andrew Charlton said the new requirements were only part of the sweeping measures the Albanese Government was taking to protect critical infrastructure and ensure the security of Australians’ private data.

“The internet if literally changing the way crime works, and the government has to work with everybody to make sure that people feel s safe online as they do on the street,” he said.

“That means all the structures and protections around people that exist in the physical world need to be built in the online life world.”

The security requirements were formulated in the wake of several major cyber hacks, including the Optus data breach in 2022 when cyber criminals obtained the personal information of up to 10 million current and former Australian customers.

That same year Medibank experienced a serious breach with cyber criminals releasing personal health files of customers on a dark web forum.

The government has allocated 50 million to the Australian Federal Police to enable them to go after cyber criminals, while new privacy legislation introduced to parliament is designed to hold companies to account for the personal information they hold.

“The total cost of cyber crime is now measured in the trillions of dollars,” Mr Charlton said.

“Criminal gangs now make more money out of cyber crime and extortion than they do out of the trade and trafficking in all illegal drugs combined.”

Mr Charlton, who was appointed to the cyber role by Prime Minister Anthony Albanese in July, said Australians are currently “living through the digitisation of crime”.

“All of our frameworks and protections have to catch up with that,” he said.

Work is underway to allow Australians to refer a telco or health provider to their government ID to confirm their identify once rather than have private companies collect and store those details permanently.

Mr Charlton said the government was also working to “harden targets” like small businesses and vulnerable groups to protect them from cyber criminals.

“One of the biggest things we can do is make sure people are aware of what they can do to better protect themselves,” he said.

Mr Charlton said he saw Australia strengthening its cyber security as an “opportunity, not a cost”.

“I think the biggest opportunities Australia has across our economy is in adopting digital tools, and taking advantage of the digital revolution all around use, that’s the solution to a large part of our productivity dilemma,” he said.

Mr Charlton said he was concerned about cyber attacks have a “chilling effect” making businesses and individuals are reluctant to take the leap into the digital economy because of security fears.

“There are small businesses that aren’t downloading the newest productivity application because they’re worried about cyber security, or the Australian not taking advantage of connectivity or answering the call from an unknown number out of fear,” he said.

“I think if we fix cyber security, we don’t just stop the attacks, we open Australia up to the possibility of harnessing all these benefits form the digital economy.”

More Coverage

FBI confirms Iran behind Trump hack

Oscar Godsell

Cyber security company faces blistering multibillion-dollar loss amid global outage

Adriana Mageros