Australia just made cyber history. On May 30, 2025, the nation became the first in the world to enforce mandatory ransomware payment reporting under the newly enacted Cyber Security Act 2024. In this episode, we dissect what this means for businesses, law enforcement, and the global cybersecurity landscape.
We break down the key aspects of the legislation, including which organizations are affected, what counts as a “ransomware payment,” and the strict 72-hour deadline for reporting incidents to the Australian Signals Directorate. We’ll also explore how the government intends to use this data to track attackers, strengthen national defenses, and drive policy change — without currently requiring public disclosure.
But it’s not all praise. Critics argue the law imposes strict obligations without offering real help to victims. We examine concerns from cybersecurity experts about a lack of proactive support, the continued pressure to pay ransoms, and whether this initiative is more about optics than outcomes. Plus, we look at how this could influence other countries — including the UK — which are watching closely and debating similar moves.
If your organization does business in Australia or wants to understand the global implications of ransomware regulation, this is the conversation you need to hear. Tune in as we unpack what might be the most consequential cybersecurity law of the year — and what’s coming next.
