What is the difference between MFA 'available' and 'enforced' for insurance?

If MFA is only 'available', users can choose to skip it. For insurance compliance, MFA must be 'enforced' via conditional access policies, and legacy protocols (like Basic Auth) must be disabled to prevent attackers from bypassing the prompt.

What is ransomware and can I pay the ransom?

Ransomware encrypts your data and demands payment for decryption. Paying is not currently illegal in Australia but may violate sanctions laws if attackers are connected to sanctioned entities. Payment doesn't guarantee recovery and may fund criminal organisations.

What should I do if my crypto is stolen in a scam?

Act immediately. Report the incident to cyber.gov.au and notify any relevant exchanges with the TxID (transaction ID). A court can issue 'Freezing Orders' to stop funds from being withdrawn if they are traced to an exchange.

Can I accept crypto as payment for my QLD business?

Yes, you can legally accept crypto, but you must record the value of the transaction in Australian Dollars at the time of the sale for GST and income tax purposes. You must also comply with Australian Consumer Law.

Technology & Cyber Risk Law FAQs

Q: Why are cyber insurance claims being denied in Australia?

Insurers are denying claims for 'misrepresentation of controls'. This often happens when a business claims to have security like MFA or Essential Eight implemented, but investigation shows it wasn't enforced or legacy systems were left unprotected. Compliance with the Cyber Security Act 2024 is also a factor.

Q: When must my business report a ransomware payment?

Under the Cyber Security Act 2024, businesses with turnover exceeding $3 million must report ransomware payments to the Australian Signals Directorate within 72 hours. This is mandatory regardless of whether data is recovered.

Q: What should I do if my business suffers a data breach?

Act immediately. Under the NDB scheme, if a breach is likely to result in serious harm, you must notify the OAIC and affected individuals within 30 days. Engage legal counsel and forensic IT specialists immediately to contain the breach and assess your obligations.

Q: Does my business need a Cybersecurity Policy?

While not always legally required, the NDB scheme makes it practically essential. If you handle personal information, you must have a plan to prevent, detect, and respond to data breaches to avoid penalties and reputational damage.

Q: How do I protect my business intellectual property (IP)?

IP protection involves differing strategies: Trademarks protect your brand/logo (must be registered), Copyright protects your code/content (automatic), and Patents protect inventions. NDAs protect confidential trade secrets.

Q: What is Essential Eight Maturity Level 2?

Essential Eight Maturity Level 2 is the Australian Signals Directorate framework requiring implementation of eight cyber security mitigation strategies with centralized management. Insurers now require Level 2 as a minimum for coverage to ensure protection against more persistent threats.

Q: Can I use AI-generated content commercially?

Yes, but be careful. AI content generally does not receive copyright protection in Australia as it lacks a human author. You can use it, but you may not be able to stop others from copying it.

Q: Is cryptocurrency legal in Australia?

Yes, cryptocurrency is legal in Australia but it is not 'money' or legal tender. It is treated as an asset (property) for tax purposes. Profits from crypto trades are subject to Capital Gains Tax (CGT).

Compliance

How do I manage the legal risks of using Artificial Intelligence (AI)?

Using AI (like ChatGPT) in business creates risks regarding confidentiality, copyright ownership, and automated decision-making bias. Businesses should implement an ‘AUP’ (Acceptable Use Policy) that prohibits staff from inputting sensitive client data into public models and clarifies that the business, not the AI, is responsible for the final work product.

Technology & Cyber Risk Law FAQs

Important Legal Disclaimer

Compliance

How do I manage the legal risks of using Artificial Intelligence (AI)?

Does my business need a Cybersecurity Policy?

Does my business need a Privacy Policy?

Contracts

What are the key terms in a SaaS Service Agreement?

Who owns the software code my developer writes?

What terms are required for an E-commerce website?

Crypto & Digital Assets

Is Cryptocurrency legal in Australia?

What are the legal options if I am scammed in a Crypto transaction?

How are NFTs (Non-Fungible Tokens) treated under Australian law?

Cyber Insurance

Why are cyber insurance claims being denied in Australia?

MFA 'Available' vs 'Enforced': What does my insurer require?

Cyber Risk

When must my business report a ransomware payment under Australian law?

What should I do if my business suffers a data breach?

What is ransomware and what are my legal options if attacked?

What is business email compromise (BEC) and how can I protect my business?

What are my legal obligations under Australia's cyber security laws?

How should my business conduct a cyber risk assessment?

Cyber Security

What is Essential Eight Maturity Level 2?

How do I spot a scam email or text message?

Intellectual Property

How do I protect my business intellectual property (IP)?

Can I use AI-generated content commercially?

Do I need to register my copyright in Australia?

Risk Management

Does my business need Cyber Insurance?

Security

What are the legal risks of Cloud Computing and Data Hosting?