As Australia heads into 2025, sweeping reforms are transforming our digital landscape. The landmark Cyber Security Act 2024, alongside major privacy and Digital ID reforms, signals a significant overhaul of Australia's digital regulations. From mandatory ransomware payments reporting to enhanced privacy protections and a new Digital ID framework, these changes set clear expectations for how organisations handle cyber threats and personal information. With implementation deadlines approaching, businesses and government agencies face crucial decisions about compliance and digital security. Discover how these reforms will reshape Australia's digital future and what your organisation needs to know to prepare for the changes ahead.

This article has been accepted for Publication in IEEE Xplore and is © IEEE.

The banking system is part of Australia’s critical infrastructure, and integrity and trust in transactions is essential to our financial system.

Data breaches at scale: implications of the Optus and Medibank breaches.

The recent spate of reported cyber-attacks is likely due to both increased frequency and greater reporting obligations under Australian law.

Business email compromise is an insidious and increasingly common means of fraud that poses a threat to any businesses, especially law firms, that act as trustees in large transactions.

Even without a formally recognised duty of technological competence, such a duty might be inferred by an Australian court having regard to reported levels of cybercrime, other professional duties and the official warnings by regulatory bodies.

The choice between paying a ransom and either losing all your business records or seeing confidential client information lost or published is one that no practitioner ever wants to make.

The choice between paying a ransom and either losing all your business records or seeing confidential client information lost or published is one that no practitioner ever wants to make.

A potentially costly ransomware attack on a major American law firm is a reminder for all firms to educate their employees about cyber risks at a time when more people are working during the COVID-19 crisis

Three types of insurance – PII, cyber and crime cover may be required for comprehensive protection.

Cybercrime is challenging organisations everywhere, with daily news stories about businesses, government organisations and even global IT companies that have been hacked. Law societies and insurers have been warning lawyers about cyber risk, in particular…

Conveyancers have been early adaptors of electronic conveyancing, which has been mandatory for all mainstream property transactions in NSW since 1 July 2019. With the commencement of this new era it is timely to consider the lessons that have been (and can still be) learned about cyber risk and resilience in conveyancing.

Cyber risk may be a modern phenomenon, but the old adage about an ounce of prevention being better than a pound of cure still applies.

Unless training is provided and proper accounts processes are in place, employees will often action fake payment requests that appear to come from a senior officer within the organisation.

Be proactive in understanding your practice’s cyber security profile – do not regard it as a ‘set and forget’ issue.

Managing cyber risk is now an integral part of legal practice, and law firms should consider both risk management and risk transfer via insurance when planning cyber risk response.

From 1 July 2018, all caveats and land transfers without mortgages in NSW have been lodged electronically, and this will be extended to all mainstream property transactions from 1 July 2019.

Our article by Simone featured in the Law Society Journal, December 2018. Click though to read the full article where Simone discusses the types of scams impacting legal practices, and how they actually work. She highlights possible dangers in outsourcing responsibility for cyber resilience to external IT consultants and, how do different insurance policies respond?

Further information is contained in the linked article, written in 2017 for Lawcover’s risk page in the Law Society Journal under the title ‘Is your firm privacy compliant?’.

Insights: Regardless of size, cyber risk is a significant risk to all law firms. Professional indemnity policies often provide broad coverage for third party claims but not the firm’s own losses. Cyber insurance can offer different, additional types of cover including specialist technical support.