Introduction
The Australian Signals Directorate (ASD) is responsible for monitoring and responding to cyberthreats targeting Australian interests. Cyberthreats can result in the denial of access to, the theft of, or the destruction of systems and data. Beyond the damage such cybersecurity incidents do to Australia’s economic wellbeing, they can undermine public confidence in organisations and consume significant resources to respond to. Reporting cybersecurity incidents to ASD ensures that timely assistance can be provided, if required. This may be in the form of investigations or remediation advice.
Preparing to respond to cybersecurity incidents
Organisations should ask themselves the following questions to determine how prepared they are to respond to cybersecurity incidents:
- Have we identified systems and data critical to our business operations?
- Do we have business continuity and disaster recovery plans?
- Do we have an up-to-date and regularly tested cybersecurity incident response plan?
- Do our agreements with service providers include cybersecurity incident reporting and response activities?
- Do we have the ability to detect when cybersecurity incidents may have occurred?
- How easily and quickly can we access appropriate resources to respond to cybersecurity incidents?
- What are our legislative obligations regarding the reporting of cybersecurity incidents?
- Do we have a public communications plan in case of cybersecurity incidents?
Reporting cybersecurity incidents
A cybersecurity incident is a single unwanted or unexpected cybersecurity event, or a series of such events, that has a significant probability of compromising an organisation’s business operations. Cybersecurity incidents can impact the confidentiality, integrity or availability of a system and the data that it stores, processes or communicates.
The types of cybersecurity incidents that should be reported to the ACSC include:
- suspicious privileged account lockouts
- suspicious remote access authentication events
- service accounts suspiciously communicating with internet-based infrastructure
- compromise of sensitive or classified data
- unauthorised access or attempts to access a system
- emails with suspicious attachments or links
- denial-of-service attacks
- ransomware attacks
- suspected tampering of electronic devices.
Organisations should report cybersecurity incidents to ASD. Once a cybersecurity incident is reported to ASD, it is recorded and triaged. At this point, the priority and extent of assistance needed to respond to the cybersecurity incident are determined.
ASD takes the protection of information seriously. Under the limited use obligation, information voluntarily provided to ASD about cybersecurity incidents, potential cybersecurity incidents or vulnerabilities impacting organisations cannot be used for regulatory purposes.
Communicating cybersecurity incidents to customers and clients
Cybersecurity incidents can attract public and media interest, particularly if they compromise customer or client data, or disrupt supply of goods and services. As such, organisations should prepare for communicating publicly about cybersecurity incidents, including cybersecurity incident response activities, and plan for how they will keep customers and clients, stakeholders, and the broader public informed.
Organisations should ask themselves the following questions to determine how prepared they are to communicate publicly about cybersecurity incidents:
- Who has responsibility for producing information about the cybersecurity incident?
- Who has responsibility for approving the release of information about the cybersecurity incident?
- Who has responsibility for communicating information about the cybersecurity incident?
- Do we have clear and consistent communications channels to communicate information about the cybersecurity incident?
- Do we have ways for the media, customers and clients, stakeholders, and the broader public to make enquiries regarding the cybersecurity incident (e.g. via email, telephone hotlines or social media)?
Further information
The Information security manual is a cybersecurity framework that organisations can apply to protect their systems and data from cyberthreats. The advice in the Strategies to mitigate cybersecurity incidents, along with its Essential Eight, complements this framework.
Contact details
If you have any questions regarding this guidance you can write to us or call us on 1300 CYBER1 (1300 292 371).