Ransomware reporting isn’t just about recovery; it’s about evidence, accuracy, and timing. Under the Cyber Security Act 2024, Australian businesses that meet the $3 million annual turnover threshold (or operate in critical infrastructure) are now legally required to report ransomware-related payments to the Australian Signals Directorate (ASD) within 72 hours.
Ransomware attacks on small to mid-sized businesses are rising sharply in Australia. The ACSC received over 94,000 cybercrime reports in the 2022–23 financial year, a 23% increase year on year. One in five were ransomware or extortion related. With fines and reputational fallout on the line, businesses need a smarter way to prepare.
But compliance takes more than knowing the deadline. It demands systems that log activity correctly, processes that assign responsibility, and preparation that turns chaos into clear communication. This blog breaks down what a “reporting-ready” business actually looks like and how CyberCert Gold supports that readiness from the ground up.
What reporting-ready really involves
When ransomware hits, 72 hours can disappear quickly. And while most businesses understand the new law requires notification, far fewer are set up to do it properly.
The Cyber Security Act 2024 outlines five key areas that must be included in a ransomware payment report to the ASD. But knowing what to report is only part of the equation; knowing how to gather it, who is responsible, and where that information lives is where businesses often fall short.
To meet the 72-hour requirement, your business needs to be able to:
- Access incident logs that haven’t been overwritten
- Trace what was paid, by whom, and why that decision was made
- Retrieve communication with the attacker, including screenshots or emails
- Understand what system vulnerabilities were exploited even if those systems have since been patched
- Provide a timeline of impact: when the incident started, when it was detected, when you responded
In most cases, that information is split across IT teams, third-party providers, email accounts, and backups, and pulling it together quickly without a plan can delay your entire response.
This is what being “reporting-ready” really means: not just knowing what’s required, but building a business environment where that evidence is already captured, organised, and ready to use.
Why many businesses struggle to comply
Even with the best intentions, many small businesses find themselves caught off guard. There may be tools and backups in place, but when roles aren’t defined, and systems aren’t integrated, it becomes incredibly difficult to respond in a coordinated way.
Responsibilities can be unclear. Logs may be overwritten or lost. Staff might not know who to notify, or what actions to take. These are the kinds of operational breakdowns that turn a manageable incident into a major business risk.
CyberCert Gold: a framework that prepares you before, during and after
CyberCert Gold, part of the SMB1001 framework, gives small businesses a clear, structured pathway to ransomware readiness.
Before an incident, it helps you:
- Define clear roles for escalation and reporting
- Build an incident response plan with tested procedures
- Train your team on what to recognise and how to act
During an incident, it supports:
- Real-time logging and secure access to evidence
- Coordinated workflows for response and communication
- Consistent actions aligned to legal requirements
After an incident, it enables:
- Structured restoration from secure backups
- Submission of a complete ASD report with confidence
- Retention of key documentation for insurance and audit purposes
CyberCert Gold helps ensure nothing is left to chance, and everything needed for compliance is already built into how your business operates.
Legal obligation and a competitive advantage
Compliance matters, and so does trust: to your stakeholders, the two go together. A certification like CyberCert Gold signals to your customers, partners and insurers that your business is responsible, resilient and proactive.
In a 2024 AustCyber survey, over 64% of Australian SMEs reported losing customers after a cyber incident. Taking steps now to implement a recognised framework helps you recover faster, retain relationships and move forward stronger.
Cyber insurers also recognise SMB1001 certification levels in their risk assessments. That can mean smoother application processes, faster claims, and potential premium savings.
Take the first step to compliance
You likely already have many of the tools in place; what’s missing is the structure. CyberCert Gold helps you tie it all together.
Start by speaking with [company name] about where your current response plan stands today. We will review whether logs are retained, responsibilities are clear, and staff know how to act. From there, a readiness assessment can identify gaps and start your pathway to certification.
Choose ransomware readiness
Cybersecurity expectations for SMBs are evolving, and ransomware readiness is now part of the baseline. Being able to respond within 72 hours isn’t just about avoiding fines. It’s about showing you’re serious about protecting your business, your customers and your future.
CyberCert Gold helps you get there with a framework that’s achievable, recognised, and built for small business.
When incidents happen, structure matters, and readiness is your best response.
