Telco boards must adhere to cyber risk management programs or risk penalties

The updated regulations aim to strengthen critical systems against cyberattacks and grant the government the authority to intervene and provide guidance during incidents.
23 November 2023

Major telecommunications companies, including Optus and Telstra, will now be required to annually approve a new or updated cyber risk management program or face significant penalties. 

These changes are a result of new laws introduced by Home Affairs Minister Clare O'Neil, which now classify telecommunications as "critical infrastructure." 

Previously, similar rules applied to hospitals, utilities, ports, and energy generation assets.

In 2018, O'Neil criticised the Coalition for not including telcos in these critical infrastructure laws, accusing her predecessor of making a deal with the companies. 

The Coalition believed that existing legislation adequately covered telcos, but O'Neil referred to it as "bloody useless" following the Optus breach in October 2022. 

During this breach, an anonymous hacker gained access to sensitive personal information of 9.8 million Australians, including names, birthdates, phone numbers, addresses, passport details, healthcare records, and driver's license details.

These latest changes aim to strengthen critical systems against cyber attacks and give the government powers to intervene and issue directions during incidents.

- CyberBeat

