Latest News

New Ransomware Reporting Rules in Australia: Insights from Sarah McAvoy’s TechPartner.News Feature

CyberUnlocked founder Sarah McAvoy was recently featured in an article on techpartner.news, offering timely insights into Australia’s new ransomware reporting requirements. The article, “Waiting until an incident is in progress is too late: MSPs urged to review ransomware response as new reporting rules commence", addresses a critical shift in cyber security expectations.

 

As of May 30, 2025, the Cyber Security (Ransomware Payment Reporting) Rules 2025 are now in effect. These rules require certain entities, those with turnover exceeding $3 million or operating in critical infrastructure, to report ransomware payments within 72 hours. Sarah McAvoy emphasises the importance of planning ahead, stating: "Deciding whether you would pay a ransom isn’t a crisis decision; it’s a preparedness decision."

 

This change is not only about legal compliance, it’s about strengthening cyber resilience. The initial phase, which prioritises education over enforcement, continues through December 31, 2025. Now is the time to clarify reporting obligations, assess whether your organisation qualifies as a reporting entity, and refine your incident response readiness.


We're excited to share that our founder, Sarah McAvoy, was featured in an article on techpartner.news, shedding light on  new ransomware reporting rules in Australia. The article, "Waiting until an incident is in progress is too late”: MSPs urged to review ransomware response as new reporting rules commence, couldn't be more timely. 


As of May 30, 2025, new Cyber Security (Ransomware Payment Reporting) Rules 2025 are in effect, making it mandatory for certain entities (those with a $3 million+ turnover and critical infrastructure) to report ransomware payments within 72 hours. Sarah McAvoy emphasises that preparedness is paramount. As she states, "Deciding whether you would pay a ransom isn’t a crisis decision; it’s a preparedness decision".


This isn't just about compliance, it's about strong cyber security. The current phase, focusing on education rather than penalties, runs until December 31, 2025. It's crucial to understand your reporting obligations, assess your status as a reporting entity, and refine your incident response plans. Don't let an oversight become a crisis. 


Read the full article on techpartner.news here.

More CyberUnlocked Blogs

Code snippet with a red error symbol, likely indicating a code error.

React2Shell: What You Need To Know About This New Server-Side React Risk

by Sarah McAvoy 11 December 2025
React2Shell is a critical server-side React flaw. This guide explains the risk, who may be exposed and the steps organisations must take to protect systems and data.

Beyond the Keyboard: How AI Is Becoming an Active Player in Cybercrime

by Sarah McAvoy 24 November 2025
Beyond the Keyboard: How AI Is Becoming an Active Player in Cybercrime
CyberUnlocked Insights: Featured in TechPartner.News

CyberUnlocked Insights: Featured in TechPartner.News

by CyberUnlocked 7 October 2025
CyberUnlocked founder Sarah McAvoy was recently featured in an article on techpartner.news titled, "The Compliance Dilemma for Technology Partners: Risk, Revenue, and Reputation." The piece highlights the growing pressure on technology partners to become compliance experts. It’s a brilliant article that gets straigh