The regulatory landscape in Australia’s cyber market is changing rapidly. But what does this mean for organisations? Which are the most significant changes that businesses need to stay on top of, or risk falling foul of the new rules?
Dominic Keller, global head of cyber services at QBE Insurance, explained to IB that while regulatory shifts are coming fast, business leaders need to move even faster.
“It's a quickly evolving and developing space,” Keller said. “There are a number of regulators, and many different points of focus across a range of industries.”
He added that recent high-profile cyber incidents appear to have driven regulators to pay closer attention to how organisations are managing their cyber risks. “Regulations are developing to improve management of organisational cyber risks, alongside regulators focusing on how best to manage systemic cyber risks across the Australian economy,” Keller explained.
Many of these new regulations are being developed through consultation with stakeholders, with the aim of boosting broader awareness and understanding of cyber risks. For example, the Cyber Security Act focuses on raising awareness of ransomware events rather than mandating certain outcomes. This Act is part of the Australian Government's broader 2023–2030 Cyber Security Strategy, which outlines six "cyber shields" designed to strengthen national resilience and better support businesses and citizens.
“It's critically important for organisations to understand their regulatory obligations and review them very regularly,” Keller said. “They are changing all the time – month by month, year by year. The government is shifting from a reactive approach to a more proactive approach, bringing in more comprehensive regulations and aligning different regulators around a common goal.”
For leaders and their organisations, managing these regulatory risks is critical to remaining compliant and operational in 2025 and beyond. Keller emphasised the need for business leaders to build awareness – both of the risks in their sector and of the broader industry landscape.
“QBE works closely with our broker partners and customers to help them understand the risks,” he said. “Through our cyber insurance offering, we engage legal advisors to provide insights on the evolving regulatory environment and we will discuss the key regulatory risks that might be a focus point for the organisation.”
Keller is quick to point out that while nationwide legislation is changing, this is far from an Australia-specific risk – it’s a global one. As such, organisations that operate outside of Australia may be subject to differing rules and regulations – which is why understanding the international landscape is essential.
However, if organisations do find themselves facing a regulatory investigation – which for many may be their first time – QBE is there to support them as part of the claims process.
“Our cyber insurance can provide coverage for the costs and expenses arising from regulatory investigations,” added Keller. “Importantly, it also allows organisations access to expert advice quickly, so they’re not alone in preparing and navigating notification requirements.”
What’s more, during the cyber incident response phase, QBE’s coverage enables affected organisations to work directly with experts who assess the risks and how breach notifications may need to be provided in the future.
“We’re very much focused on advising our customers in a proactive way so they can manage these challenges as effectively as possible,” added Keller. “With the right support, organisations can face the shifting regulatory landscape with more confidence and clarity.”
Disclaimer: This content is brought to you by QBE as a convenience to readers and is not intended to constitute advice (professional or otherwise) or recommendations upon which a reader may rely. QBE makes no warranty or guarantee about the accuracy, completeness, or adequacy of the content. Products issued and underwritten by QBE Insurance (Australia) Limited (ABN 78 003 191 035, AFSL 239545) (QBE). To decide if a product is right for you, please read the relevant PDS and TMD or Policy Wording, available here.