Horizon 2 of the 2023–2030 Australian Cyber Security Strategy

Submission Date: 8 September 2025

The Law Council of Australia provided a submission to comment on Horizon 2 of the 2023–2030 Australian Cyber Security Strategy. In doing so, the Law Council continues to emphasise the need to ensure proportionality, consistency, and certainty within the regulatory landscape, while recognising the very real and potentially devastating impacts of cyber security threats.

The Law Council commends the Australian Government’s speed in executing its Horizon 1 priorities during a crowded whole-of-government reform agenda. The Law Council is pleased to be actively involved in the development of a ransomware reporting framework and the rollout of various messaging and education campaigns.

Horizon 2 now represents an opportunity to embed cyber security messaging across society and empower businesses—especially small to medium businesses (SMBs)—to identify and proactively address cyber security risks.

Horizon 2 will be defined by its interaction with new developments in artificial intelligence (AI) and quantum technologies, and by how it aligns any developments with productivity outcomes. The fundamental challenge for the Australian Government will be to balance the tension between promoting regulatory and compliance obligations for businesses that are not unduly burdensome, whilst developing enhanced privacy and cyber security related outcomes for individuals and entities across Australia.

Given the significant detriment caused by cyberattacks and data breaches on individuals and organisations, including the costs incurred, cyber security management should no longer be considered optional. It is, therefore, critical that organisations of all sizes implement robust cyber security measures, supported by relevant minimum standards and codes. However, any such regulatory framework must be appropriately balanced so as not to unduly discourage innovation, and investment in innovation, in Australia.

In this submission, the Law Council highlights the specific challenges faced by SMBs in uplifting cyber security arrangements, with an emphasis on the unique circumstances of small legal practices. Key focus areas for the Law Council at this stage of the consultation are:

• the role of Horizon 2 in encouraging awareness of cyber security standards and providing a clear pathway for SMBs to understand what they may reasonably achieve with limited resources, coupled with implementation and targeted support;
• the benefits of a regulatory impact analysis with respect to any specific actions and initiatives relating to small businesses, to ensure the next stage of the Government’s response adequately considers the impact on SMBs and allocation of sufficient government funding to support uptake and ongoing compliance;
• the growing profile of government and industry cyber security leaders deploying cyber security awareness and messaging, and the need for these voices to continue to be elevated across all levels of society; and
• the need for the Australian Government to support the private sector by ensuring consistency and education across public entities, especially among procurement officers and decision makers (not just its technical experts), so that there is a shared and consistent knowledge.

In addition, the Government should provide targeted grants, incentives, or subsidies to assist small businesses, including small legal practices, to encourage uptake of better cyber security practices. Without this support, small businesses risk being excluded from Government contracts and partnerships with larger businesses, weakening regional economies and limiting national supply chain resilience.

The Law Council looks forward to continuing to engage with the Australian Government as it refines Australia’s regulatory, legislative, and policy settings to build national cyber security resilience and enhance cyber security across the economy.

Last Updated on 09/09/2025

Share

• Share this on Twitter
• Share this on LinkedIn
• Share this on Facebook

Tags

• Submissions Cyber Security

Most recent items

Trending Items