The Department of Home Affairs has initiated a call for expressions of interest to form the Cyber Incident Review Board (CIRB), a new independent body designed to review significant cyber security incidents in Australia.
The creation of the board comes at a time when cyber threats and scams are increasing in frequency and impact across the business sector.
The Minister for Home Affairs will appoint a chair and up to six standing members to the CIRB. Candidates are invited to nominate for specific roles, with the board’s composition intended to reflect a range of professional backgrounds and expertise.
The CIRB will be supported by an expert panel, which will be drawn from a pool of sector specialists as needed for individual reviews.
Recent data highlights the growing challenge for Australian organisations. WatchGuard Technologies reported that in August 2025, more than 5,000 malware incidents and over 65,000 network attacks were detected nationwide.
The majority of these malware threats were known variants, but a notable portion (7%) were zero-day threats, which are newly identified and often more challenging to address.
Phishing and credential theft tools remain prevalent, with HTML:Beluga.5564 and JS:Trojan.Cryxos.14878 among the most commonly intercepted malware. These findings indicate that social engineering remains a key tactic for cybercriminals.
While Australia accounted for just over 1% of malware detections in the Asia-Pacific region, it represented 57% of blocked network attacks, according to WatchGuard.
Meanwhile, the National Anti-Scam Centre (NASC) reported that nearly $175 million in losses were recorded in the first half of 2025, despite a reduction in the number of scam reports. The financial impact of scams increased by 26% compared to the same period in 2024.
Certain groups, including individuals for whom English is a second language and First Nations Australians, experienced higher rates of loss.
The CIRB will conduct post-incident reviews of major cyber events, focusing on identifying systemic factors and providing recommendations to both government and industry.
The board’s reviews are not intended to assign blame or determine liability. Instead, the goal is to inform future prevention and response strategies, with findings shared in a manner that protects sensitive and classified information.
Reviews may address individual incidents or groups of incidents with common characteristics, such as attack method or affected systems. The board will only commence its review after initial response activities are complete.
Eligibility for board membership requires significant experience in areas such as critical infrastructure, crisis management, cyber security, and legal or corporate governance. All appointees must hold a Negative Vetting 1 security clearance.
Preference will be given to those with prior board or executive experience and a demonstrated background in cyber security.
Interested professionals are encouraged to review the position description and submit an application that outlines their qualifications and suitability for the role.
Submissions must include a current CV and a written statement addressing the selection criteria. The application deadline is 11:59pm AEST on Oct. 6.
Individuals not appointed to the board but possessing relevant expertise may be considered for the expert panel, which will assist the board in specific reviews.
The Department of Home Affairs will maintain an ongoing process for future expressions of interest and to fill vacancies as they arise.
Further information on the CIRB, including eligibility requirements and application instructions, is available on the Department of Home Affairs website.
