Guidance
SOCI cyber security incident reporting
12-hour critical / 72-hour other cyber incident notification.
In plain English
This guidance explains how critical infrastructure entities must report cyber security incidents to the Australian Signals Directorate.
The guidance applies to critical infrastructure entities. It details reporting requirements for cyber security incidents. Critical incidents must be reported within 12 hours. Other incidents require reporting within 72 hours. This guidance is available on the CISC website.
Why it matters
If your business is critical infrastructure, you must report cyber incidents promptly. Failure to do so could impact operations and reputation. Understand your obligations to maintain resilience.
AI-assisted summary, grounded in the source link below. Generated 2026-05-23 via gemma3:12b.
Issuing regulator
HOME-AFFAIRS-SOCI →Topics
Source: https://cisc.gov.au/legislative-information-and-reforms/critical-infrastructure. Rules Mate indexes + summarises; always verify against the regulator's live publication.