Moves to strengthen privacy laws in Australia could actually encourage more hacking, according to a non-profit service for victims of identity theft.
The warning from IDCare follows Australian regulators’ plans to fine companies for poor data security. However, the proposals would not make ransom payments a criminal offence, which the non-profit claims could lead to unintended consequences.
In its response to the attorney-general’s review of privacy legislation, IDCare claims that Australia is the fifth-most targeted nation for ransomware attackers. It concluded this from its monitoring of online environments “specialising in the extortion of breached entities and the recirculation of breached data”.
“A significant reason why Australian governments and businesses are increasingly targeted by ransomware attacks, the likes of which have breached almost half the Australian population in the last 24 months, is because we pay up,” it warns. “Business is booming for ransomware attackers because there is little disincentive and Australia has form in paying and not necessarily notifying.”
The service pointed to a survey of 500 businesses carried out in 2022 by forensic accountants McGrath Nicol, which revealed that 59% of companies had suffered a ransomware attack in the past five years. Of these, 79% chose to pay the ransom and 44% did so within 24 hours to minimise potential damage. The average ransom paid in 2021 was A$1.01m.
IDCare said the government’s threat of massive fines would force companies to choose whether to pay A$1m or notify the authorities and risk a fine of up to A$50m. “In terms of ransomware attacks, Australia is open for business,” it warns.