Follow us

June started off with a bang! The OAIC launched proceedings against Medibank, and other regulators were busy too, with ACMA pursuing Optus for non-compliance in relation to its 2022 data breach and APRA clarifying its expectations regarding the adequacy of backups.

Data stolen from Ticketek and Victoria Racing Club has reportedly been leaked, and MediSecure has demonstrated the financial distress that a cyber-attack can cause. More generally, hacks continue to cause disruption and damage in Australia and around the world.

There has been interesting discussion about the cyber resilience of the mining and maritime sectors, and attacks on the healthcare sector continue to attract attention. Research shows that investment in cyber security can reduce cyber insurance premiums

Internationally, the US is banning Russian antivirus software and sanctioned senior executives, China is set to implement stringent cyber abuse regulations, and Poland bolsters cyber security funding following a recent cyber-attack. The UN has introduced new Principles for Information Integrity, and G20 leaders have advocated for global cyber regulators.


The cyber-attacks making headlines in June are linked below: 


Hong Kong Cyber Simulation

On Tuesday 18 June, we had a full house at our Hong Kong offices, as Cameron Whittfield took clients through an immersive cyber simulation. With the help of an expert panel – Tim Toa from Blackpanda, Seulah Han from FTI Consulting, Kenneth Fok from Marriott, and Hannah Cassidy and Annie Zhang from HSF – we worked through examples of decision-making faced by a company grappling with a ransomware and data extortion attack.

 

Cyber Risk Survey

We have launched our Cyber Risk Survey for 2024! We are surveying in-house lawyers again, to better understand their cyber-related experiences and concerns, and would love your insights.

This survey takes 7-10 mins to complete. To thank you for your time, you can choose to receive a summary of your responses benchmarked against the responses received from all survey participants.

The Cyber Risk Survey is available here.

 

Cyber Podcast 

In our next podcast, we interview Dr Marcus Thompson. Stay tuned – it is due to be released next week. 

 

Continuous Disclosure Obligations during a Data Breach

Click here to access our summary of the recent update to ASX Guidance Note 8. The update included a much-anticipated example of managing continuous disclosure obligations during a fast-moving cyber incident. The updates took effect from 27 May 2024.

 

Back to top ^


OAIC files proceedings against Medibank, alleging breach of Australian Privacy PrinciplesOffice of the Australian Information Commissioner – 5 June 2024

The Office of the Australian Information Commissioner (OAIC) has filed civil penalty proceedings in the Federal Court against Medibank in relation to its 2022 data breach. The OAIC claims Medibank failed to take reasonable steps to protect personal information from misuse and unauthorised access or disclosure, in breach of the Privacy Act 1988, and this resulted in a serious interference with the privacy of a large number of individuals. Amongst other things, the OAIC alleges Medibank had inadequate multi-factor authentication systems in place.

 

APRA articulates its expectations regarding security and adequacy of backups – APRA – 3 June 2024

Australian Prudential Regulation Authority (APRA) has emphasised its commitment to cyber resilience, clarifying its expectations of regulated entities regarding cyber security and the adequacy of backups. Amongst other things, APRA reminds regulated entities to self-assess compliance against Prudential Standard CPS 234 (Information Security).

 

Optus coding error to blame for 2022 attack, according to ACMA court filingABC News – 20 June 2024

The Australian Communications and Media Authority (ACMA) is claiming that the 2022 Optus data breach was caused by an access control coding error, and that the attack "was not highly sophisticated or one that required advanced skills or proprietary or internal knowledge”. Optus interim CEO Michael Venter confirmed that the attacker was able to exploit an unknown vulnerability in the company’s defences which arose from a historical coding oversight.

 

ACMA proceedings and consumer class action against Optus could merge – Lawyers Weekly – 14 June 2024

Justice Beach of the Federal Court has suggested advantages with merging ACMA’s proceedings against Optus with the class action brought by Slater & Gordon, noting overlapping issues. ACMA is alleging that Optus failed to adequately protect customer data as required under the Telecommunications (Interception and Access) Act 1979.

 

ASIC to launch threat intelligence platform – IT News – 4 June 2024

The Australian Securities and Investments Commission (ASIC) has announced that A$206.4 million will be directed towards a new threat intelligence platform that seeks to improve information collection and detection of cyber threats.

 

Qld public sector struggling with cyber readiness despite investment – Government News – 4 June 2024

A report by the Queensland Auditor General examined two unnamed Queensland public sector entities, noting ongoing vulnerabilities and room for improvement. A cyber response and recovery governance checklist, and a role capability checklist, were published – available here.

 

Government entities’ management of cyber security incidents – Australian National Audit Office – 14 June 2024

The Australian National Audit Office has published a report on its audit of select Australian Government entities, AUSTRAC and Services Australia, regarding their cyber resilience. The report included 19 recommendations aimed at improving the effective management of cyber security incidents at the agencies.

 

Back to top ^


Cyber insurance premiums reduce after implementing proactive risk management strategies – Insurance Business Magazine – 13 June 2024

Tenable interviewed over 200 IT and cyber security leaders from Australia’s insurance, banking, education, healthcare and transport sectors. The report reveals that 44% of respondents experienced a reduction in insurance premiums by 5% to 15% after introducing preventive cyber security practices.

 

AUCloud launches its 2024 Cyber Security Healthcare Report Cyber Daily – 21 June 2024

AUCloud’s 2024 Cyber Security Healthcare Report highlighted significant threats facing the healthcare sector. The report indicated a 71% year-on-year increase in cyber-attacks on healthcare organisations globally, and in Australia, 41% of healthcare organisations experienced a cyber-attack in 2023.

 

Securing the future: cyber security imperatives for Australian miners – Australian Mining – 19 June 2024

The mining industry in Australia is purportedly facing an increase in cyber-attacks, threatening productivity, safety and data security.

 

Trends in maritime cyber security The Maritime Executive – 24 June 2024

The global maritime industry is purportedly facing growing cyber threats, due to increased digital connectivity and smart technologies being implemented on ships.

 

Critical infrastructure protection market projected to surge to US$162 billion Verified Market Research – 17 June 2024

Verified Market Research reported that the value of the global Critical Infrastructure Protection (CIP) market is expected to increase from US$143 billion in 2024 to US$162 billion in 2031. This increase is being driven by, amongst other things, increasing cyber threats, which has intensified the demand for improved security solutions. 

 

Insights from CrowdStrike CEO George Kurtz WebProNews – 7 June 2024

CrowdStrike CEO George Kurtz offered a comprehensive overview of the current cyber security landscape in a recent interview with the Wall Street Journal.

 

Back to top ^


US bans Russian antivirus software and sanctions senior executives – IT News – 24 June 2024

The Biden administration has announced a ban on the sale of Kaspersky Lab antivirus software, citing cyber security risks due to the company’s ties to Russia. The company will also be prohibited from delivering updates to its existing customers. The US has also sanctioned 12 individuals in senior leadership roles.

 

China’s cyber abuse regulation to take effect from 1 August – People’s Daily Online – 15 June 2024

China’s new cyber abuse regulations aim to safeguard public interests and create a safer online environment. The rules require cyber information service providers to manage online content and propose mechanisms for addressing online violent information.

 

Poland to spend US$760 million on digital security – Security Intelligence – 24 June 2024

This investment follows a disinformation attack in May 2024, in which false information about a military mobilisation was spread prior to national elections. The funding is intended to create a ‘cyber shield’ which will be used to enhance security reviews and resilience of critical infrastructure.

 

G20 leaders call for global cyber regulators – Cyber Daily – 12 June 2024

The G20 Digital Economy Working Group meeting in Brazil discussed the need to address the rising issue of cyber crime, emphasising the importance of having global standards and regulations to protect vulnerable parties such as children and elderly. Other areas of focus centred around connectivity, information integrity, digital government and AI.

 

UN launches principles to combat spread of misinformation – United Nations – 24 June 2024

The UN has launched its Global Principles for Information Integrity to combat online misinformation and hate speech. At the launch, UN Secretary-General António Guterres emphasised the threat posed by misinformation to democracy and human rights.

 

Back to top ^

Cameron Whittfield photo

Cameron Whittfield

Partner, Melbourne

Cameron Whittfield
Peter Jones photo

Peter Jones

Partner, Sydney

Peter Jones
Merryn Quayle photo

Merryn Quayle

Partner, Melbourne

Merryn Quayle
Brendan Donohue photo

Brendan Donohue

Senior Associate, Melbourne

Brendan Donohue
Josh Kain photo

Josh Kain

Senior Associate, Melbourne

Josh Kain
Christine Wong photo

Christine Wong

Partner, Sydney

Christine Wong
Kaman Tsoi photo

Kaman Tsoi

Special Counsel, Melbourne

Kaman Tsoi
Anne Hoffmann photo

Anne Hoffmann

Partner, Sydney

Anne Hoffmann

Key contacts

Cameron Whittfield photo

Cameron Whittfield

Partner, Melbourne

Cameron Whittfield
Peter Jones photo

Peter Jones

Partner, Sydney

Peter Jones
Merryn Quayle photo

Merryn Quayle

Partner, Melbourne

Merryn Quayle
Brendan Donohue photo

Brendan Donohue

Senior Associate, Melbourne

Brendan Donohue
Josh Kain photo

Josh Kain

Senior Associate, Melbourne

Josh Kain
Christine Wong photo

Christine Wong

Partner, Sydney

Christine Wong
Kaman Tsoi photo

Kaman Tsoi

Special Counsel, Melbourne

Kaman Tsoi
Anne Hoffmann photo

Anne Hoffmann

Partner, Sydney

Anne Hoffmann
Laura Newton photo

Laura Newton

Senior Associate, Sydney

Laura Newton
Cameron Whittfield Peter Jones Merryn Quayle Brendan Donohue Josh Kain Christine Wong Kaman Tsoi Anne Hoffmann Laura Newton