"The proposed Cyber Security Act 2024 walks a tightrope between protecting our industries and implementing effective and workable regulation for business," said Innes Willox, Chief Executive, Australian Industry Group.
"As Ai Group recommended to the Government, we are pleased to see lower-risk SMEs exempted from ransomware reporting obligations. Small businesses do not pose significant systemic cyber risks, and so shouldn't be burdened by onerous and disproportionate compliance obligations.
"We also welcome the decision to align new national standards for consumer grade connectable products (or IoT) with international standards making efforts. This will ensure Australia is interoperable with approaches used in our trade partners, can contribute to international standards making, and reduces the regulatory burden on our businesses.