The Cyber Security Act 2024 aims to improve cyber security for internet-connected products, mandate ransomware payment reporting, coordinate responses to significant cyber incidents, and establish the Cyber Incident Review Board.
The Cyber Security Act 2024 introduces several new requirements:
- Security standards for internet-connected products: Businesses must ensure that their hardware and software products meet specific cyber security standards before they are marketed. This includes products like IoT devices, which must be secure throughout their lifecycle.
- Mandatory ransomware reporting: Entities are required to report any ransomware payments to authorities. This helps in tracking and combating cybercrime more effectively.
- Incident response coordination: During significant cyber incidents, entities must coordinate with the National Cyber Security Coordinator to ensure a unified and effective response.
- Compliance and penalties: Non-compliance with the Act can result in penalties, so entities need to stay updated on the requirements and ensure full compliance.
- Continuous monitoring and testing: Entities are expected to implement continuous monitoring and regular security testing to detect and address vulnerabilities promptly.
There are several steps that can be taken to prepare for compliance with the Cyber Security Act 2024
Proactivity is essential
To prepare for compliance with the Cyber Security Act 2024, you can take several proactive steps:
- Conduct a security audit: Assess current security measures against the new requirements. Identify gaps and areas needing improvement.
- Update security policies: Revise existing policies to align with the Act’s standards, ensuring all internet-connected products meet the necessary security criteria.
- Employee training: Educate staff on the new regulations and best practices for cyber security. This includes recognising and reporting cyber incidents.
- Incident Response Plan: Develop or update a comprehensive incident response plan. Ensure it includes coordination with the National Cyber Security Coordinator. Our incident resilience package can help with this!
- Regular monitoring and testing: Implement continuous monitoring and regular security testing to detect and address vulnerabilities promptly.
- Ransomware reporting protocols: Establish clear protocols for reporting ransomware payments as required by the Act.
- Legal consultation: Seek advice from legal experts to understand the full implications of the Act and ensure all compliance measures are legally sound.