Rules Mate

Guidance

SOCI cyber security incident reporting

12-hour critical / 72-hour other cyber incident notification.

In plain English

This guidance explains how critical infrastructure entities must report cyber security incidents to the Australian Signals Directorate.

The guidance applies to critical infrastructure entities. It details reporting requirements for cyber security incidents. Critical incidents must be reported within 12 hours. Other incidents require reporting within 72 hours. This guidance is available on the CISC website.

Why it matters

If your business is critical infrastructure, you must report cyber incidents promptly. Failure to do so could impact operations and reputation. Understand your obligations to maintain resilience.

governancebreach-reportingprivacytelecommunications

AI-assisted summary, grounded in the source link below. Generated 2026-05-23 via gemma3:12b.

Issuing regulator

HOME-AFFAIRS-SOCI

Topics


Source: https://cisc.gov.au/legislative-information-and-reforms/critical-infrastructure. Rules Mate indexes + summarises; always verify against the regulator's live publication.