Australia’s new Cyber Security Act, effective May 30, 2025, mandates 72-hour incident and ransomware payment reporting for many organisations, shifting cyber security from operational to compliance.
The Essential Eight is what it advertises – eight key mitigation strategies that work together primarily to prevent and limit cyber incidents. It has rightly become a widely adopted baseline for Australian organisations in and beyond the public sector. But it explicitly states that it is not a complete security strategy, and this assertion is correct. Organisations need to understand what Essential Eight does and does not cover, and use this to plan their next steps.
Zero trust is the current rallying cry for security architecture. Does that signal the death knell for firewalls?
'%3e%3cg%20id='Final-Copy-2_2_'%20transform='translate(1275.000000,%20200.000000)'%3e%3cpath%20class='st0'%20d='M7.4,12.8h6.8l3.1-11.6H7.4C4.2,1.2,1.6,3.8,1.6,7S4.2,12.8,7.4,12.8z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg%20id='final---dec.11-2020'%3e%3cg%20id='_x30_208-our-toggle'%20transform='translate(-1275.000000,%20-200.000000)'%3e%3cg%20id='Final-Copy-2'%20transform='translate(1275.000000,%20200.000000)'%3e%3cpath%20class='st1'%20d='M22.6,0H7.4c-3.9,0-7,3.1-7,7s3.1,7,7,7h15.2c3.9,0,7-3.1,7-7S26.4,0,22.6,0z%20M1.6,7c0-3.2,2.6-5.8,5.8-5.8%20h9.9l-3.1,11.6H7.4C4.2,12.8,1.6,10.2,1.6,7z'/%3e%3cpath%20id='x'%20class='st2'%20d='M24.6,4c0.2,0.2,0.2,0.6,0,0.8l0,0L22.5,7l2.2,2.2c0.2,0.2,0.2,0.6,0,0.8c-0.2,0.2-0.6,0.2-0.8,0%20l0,0l-2.2-2.2L19.5,10c-0.2,0.2-0.6,0.2-0.8,0c-0.2-0.2-0.2-0.6,0-0.8l0,0L20.8,7l-2.2-2.2c-0.2-0.2-0.2-0.6,0-0.8%20c0.2-0.2,0.6-0.2,0.8,0l0,0l2.2,2.2L23.8,4C24,3.8,24.4,3.8,24.6,4z'/%3e%3cpath%20id='y'%20class='st3'%20d='M12.7,4.1c0.2,0.2,0.3,0.6,0.1,0.8l0,0L8.6,9.8C8.5,9.9,8.4,10,8.3,10c-0.2,0.1-0.5,0.1-0.7-0.1l0,0%20L5.4,7.7c-0.2-0.2-0.2-0.6,0-0.8c0.2-0.2,0.6-0.2,0.8,0l0,0L8,8.6l3.8-4.5C12,3.9,12.4,3.9,12.7,4.1z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
Your Privacy Choices