Who should I report a cyber security incident to?

What is a cyber security incident?

In general, cyber security incidents include but are not limited to:

  • attempts to gain unauthorised access to a computer system or its data
  • unwanted disruption or denial of service
  • unauthorised use of a system for processing or storing data
  • changes to system hardware, firmware or software without the knowledge or consent of the system owner

How do I report a cyber security incident?

To report a cyber security incident to CERT Australia please visit the Contact us page.

Who needs to contact CERT Australia?

Organisations that have concerns or information about cyber security threats or incidents are encouraged to contact CERT Australia. The international CERT community are also encouraged to contact CERT Australia regarding cyber security issues impacting Australia.

Home user

If home users believe that an online transaction has been compromised they should contact their bank or online provider. If home users believe that their internet connection has been compromised they should contact their Internet Service Provider (ISP). CERT Australia is establishing close working relationships with the Australian Internet industry.

Home users are encouraged to visit Stay Smart Online. This website outlines the simple steps Australian home users can take to protect their personal and financial information online. The Stay Smart Online website also contains a free alert service that provides plain language information on the latest cyber security threats and vulnerabilities and how to address them.

Cyber crime involves the unauthorised access to or impairment of computer systems and may constitute an offence under the Commonwealth’s Criminal Code Act 1995 and/or State and Territory criminal laws. If home users suspect that they have been the victim of cyber crime they should report it to the appropriate State or Territory police service.

All Australians will soon have access to important and timely information on cyber threats and vulnerabilities, free of charge, from the CERT Australia website.

Small to medium enterprise (SME)

If SMEs believe that an online transaction has been compromised they should contact their bank or online provider. If SMEs believe that their internet connection has been compromised then they should contact their ISP. CERT Australia is establishing close working relationships with the Australian Internet industry.

SMEs are encouraged to visit Stay Smart Online. This website outlines the simple steps Australian small business can take to protect their business and financial information online. The website also has a self-assessment tool for small businesses, which is designed to help them improve their online security practices and processes.

In addition, the Stay Smart Online website contains a free alert service that provides plain language information on the latest cyber security threats and vulnerabilities and how to address them.

Cyber crime involves the unauthorised access to or impairment of computer systems and may constitute an offence under the Commonwealth’s Criminal Code Act 1995 and/or State and Territory criminal laws. If SMEs suspect that they have been the victim of cyber crime they should report it to the appropriate State or Territory police service.

All Australians will soon have access to important and timely information on cyber threats and vulnerabilities, free of charge, from the CERT Australia website.

Large organisation

If large organisations believe that an online transaction has been compromised they should contact their bank or online provider. If large organisations believe that their Internet connection has been compromised, they should contact their ISP. CERT Australia is establishing close working relationships with the Australian Internet industry.

Cyber crime involves the unauthorised access to or impairment of computer systems and may constitute an offence under the Commonwealth’s Criminal Code Act 1995 and/or State and Territory criminal laws. If large organisations suspect that they have been the victim of cyber crime they should report it to the appropriate State or Territory police service.

All Australians will soon have access to important and timely information on cyber threats and vulnerabilities, free of charge, from the CERT Australia website.

GovCERT.au stakeholder or critical infrastructure organisation

CERT Australia’s primary responsibility is to develop close working relationships with critical infrastructure organisations and businesses that operate systems that are important to Australia’s national interest. In this way, CERT Australia is able to help ensure that important services that all Australians rely on in their daily lives are secure and resilient. These organisations previously interacted with GovCERT.au.

GovCERT.au functions and services have now been incorporated into CERT Australia, and will continue as a normal part of CERT Australia’s core functions. This means that existing GovCERT.au stakeholders can now take advantage of additional services as CERT Australia stakeholders. In addition to any internal or regulatory requirements that may be in place, CERT Australia stakeholders can report threats and incidents to CERT Australia via the telephone number that has been provided to them. This telephone number assists CERT Australia to rapidly respond to incidents impacting those services that are critical to the lives of all Australians.

Organisations that believe they represent critical infrastructure but are not currently a CERT Australia stakeholder, can contact CERT Australia using our email address: info@cert.gov.au.
NOTE: Organisations should consider the sensitivity of information sent to this email address as it will be ‘in the clear’ and not secure. If needed secure communication channels for sensitive or incident related information are available on request.

Cyber crime involves the unauthorised access to or impairment of computer systems and is likely to constitute an offence under the Commonwealth’s Criminal Code Act 1995 and/or State and Territory criminal laws. If existing GovCERT.au stakeholders (now CERT Australia stakeholders) suspect that they have been the victim of cyber crime they should report it to the Australian Federal Police.

Commonwealth or State and Territory government agency or organisation

In addition to any internal or regulatory requirements that may be in place, all government agencies or organisations should continue to report cyber security incidents to the Defence Signals Directorate (DSD), which is responsible for information security advice and assistance for government agencies.

What will happen to information provided to CERT Australia about a cyber security event?

In addition to being used for incident response purposes, as required, de-identified information will be incorporated into a summary report used to determine Australia’s overall cyber threat environment.

Will information provided to CERT Australia be treated confidentially?

Any information provided to the Australian Government will be treated in confidence, unless disclosure has been authorised by the originating organisation or is required by law.

As CERT Australia is managed by the Australian Government, the Privacy Act 1988 and Section 70 of the Crimes Act 1914 (disclosure of information by Commonwealth officers) applies to all information provided to CERT Australia.