This page contains information for individuals and businesses about how to respond to a cyber incident.
Individuals
Australian Signals Directorate (ASD) provide guidance on where to find support to respond to a cybercrime.
If your online accounts have been compromised or your information has been lost in a data breach be alert to:
- unsolicited contact from cybercriminals impersonating banks, cybersecurity agencies or the organisation involved in the data breach
- increased phishing activity.
Learn how to protect yourself.
Use the official website or app
Always use the official website or apps to contact organisations or to access your online accounts. Don't use contact details or weblinks in unsolicited or suspicious communications.
Business
If you are a registered Australian small business of 19 or fewer full-time equivalent employees (excluding the owner), you are eligible to access the IDCARE's free Small Business Cyber Resilience Service.
The service is an Australian Government and IDCARE initiative and includes:
- Incident Response Hotline
- Cyber First Aid Support.
ASD support - 24 hours a day, 7 days a week
ASD supports organisations to respond to a cyber incident, including their technical incident response advice and assistance service available.
ASD guidance
ASD also publish guidance to support organisations to prepare and respond to cyber incidents, including technical practitioner guidance.
Read more on the ASD website about cyber security incident response.
Business email compromise
Business email compromise is a cyberattack where cybercriminals:
- compromise an email account or impersonate a business email account using a domain name similar to the real business
- seek to divert payments from customers to a bank account operated by the cybercriminal.
ASD provide guidance on business email compromise. Read the following:
- Email Attacks: Emergency Response Guide
- Email Attacks: Prevention Guide to protect your business against further attacks.
Prevention requires cybersecurity controls, business policies and cybersecurity awareness for employees.
Ransomware
Ransomware is malware that encrypts your files so you can no longer access them.
Cybercriminals demand a ransom to restore access and may also demand a ransom to prevent leaking or selling stolen data.
The impacts of ransomware include business disruption and financial loss, data breaches and reputational damage.
ASD provides guidance on ransomware. Read the following:
- Ransomware Emergency Response Guide
- Ransomware Emergency Response Guide: one page guide
- Ransomware Prevention Guide.
Ransom
The Australian Government recommend not to pay a ransom as there is no guarantee you will:
- regain access to your information or
- prevent it from being sold or leaked online.
Certain businesses in Australia are required under Section 27 of the Cyber Security Act 2024 to report a ransomware or cyber extortion payment within 72 hours.
Report on Australian Signals Directorate (ASD) ReportCyber portal.
Privacy and data breaches
In addition to reporting to ReportCyber the following also applies.
If a cybersecurity incident results in the unauthorised access or loss of personal information, businesses covered by the Privacy Act 1988 are obligated to report eligible data breaches to the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breach Scheme.
Data breaches can result in serious harm to the individual/s whose information is impacted, including email phishing and identity fraud, and customers who are impacted should be notified.
Eligible data breaches include where:
- personal information is accessed or disclosed without authorisation or lost
- it is likely to result in serious harm to the individual/s whose information is impacted
- the business was unable to prevent with remediation the likely risk of serious harm occurring.
Refer to the Privacy Act 1988 obligations to protect personal information applicable to businesses with annual turnover over $3 million and some small business operators.
Guidance on the obligations is published on the OAIC website.
ASD provide guidance for small and medium businesses on data security to protect personal and customer information. Read about securing customer personal data.
Government response to nationally significant cybersecurity incidents
The Australian Cyber Incident Management Arrangements (CIMA) for Australian Governments sets out how the Australian and State and Territory governments collaborate to respond to and reduce the harm caused by national cyber incidents.
The Department of Corporate and Digital Development (DCDD) is the lead agency for cybersecurity in the Northern Territory Government.
Cyber NTG lead cyber incident response under the CIMA. They collaborate with ASD, the National Office of Cyber Security and Australian Government agencies to respond to nationally significant cybersecurity incidents and their consequences where Northern Territory citizens may be impacted.
Information provided on this site will refer to advice published by the Australian Signals Directorate (ASD) and their Australian Cyber Security Centre service as the lead Australian Government authority for technical advice, guidance and support.
You can visit the ASD’s website at cyber.gov.au and read more about their services.