Australia has become the first country to introduce a ransomware reporting law, and it could impact MSPs everywhere in the world.
Since May 30, any business operating in the country with an annual revenue of over AUD $3 million has been required by law to report any ransomware attacks and cyber extortion payments within 72 hours.
Whether the ransoms are paid in crypto, cash, goods, or services, companies are legally obliged to tell the Australian Signals Directorate about any payments. And there are big penalties—fines to the tune of almost $20,000—for anyone who doesn’t. If a ransom demand is not paid, however, the business has no obligation to report it.
The new law may well be the start of a tectonic shift—not just in how security breaches are reported, but how they’re responded to and defended against.
If you’re an MSP in Australia, you’ll probably already be living this new reality with your customers—if not, consider this your wake-up call!
But MSPs, MSSPs, ITSPs, IT-Systemhäuser, System Integrators, FSMs, Proveedores de TI and the rest of our global digital transformation community shouldn’t just sit back and wait to see how this plays out: the EU, the UK, and the US are looking to follow suit with their own versions of this legislation.
Last year, there were an estimated 19,000 ransomware attacks in the UK alone. One was enough to completely sink a 158-year-old transport company. And renowned retailer Marks & Spencer is still recovering from an attack four months on.
It’s time for MSPs to get organized.
Why was the ransomware law implemented?
The Australian government introduced this legislation to learn more about ransomware incidents. Until now, regulators had little insight into the scale, specifics, and impact of cyber extortion.
As it turns out, cyber extortion is rife Down Under. Recent Arctic Wolf research found that 85% of respondents across Australia and New Zealand had experienced a ‘significant’ cyberattack in the past 12 months (compared with the 76% global average)—and 83% paid up.
Mandatory reporting aims to:
- Deter attackers by reducing the incentive to ransom
- Supply law enforcement with timely intelligence
- Improve national cyber resilience through better data sharing
If you’re an MSP with clients or a footprint in Australia—regardless of where you or your customer is headquartered—you fall within the law’s scope. The reporting responsibility ultimately falls to your customer—but MSPs must be ready for the demands customers will make in the face of an attack.
MSPs are the first point of contact
When a customer faces a ransomware attack, the first person they’re going to call is you, the MSP. Subsequent calls could come from the regulator, so you should be ready to provide:
- Comprehensive logs showing the attack method and timeline
- Proof of any ransom payment, including transaction records
- Verification of backup integrity and restoration attempts
- Documentation of roles and responsibilities under your SLA
- Coordination with incident response teams, legal counsel, and insurers
Security breaches aren’t just an IT issue now. They’re reputational—and may soon be a legal matter in more and more countries. Having predefined reporting workflows and clear playbooks for incident response will make your life—and your customers’ lives—easier.
Security as standard, not an add-on
We keep saying it, but MSPs can’t just have security as an add-on feature—it’s now a core product requirement.
This could mean integrating:
- Advanced detection tools and continuous monitoring
- Regulator-friendly logging with solid audit trails
- Automated incident logging and evidence chains
- Built-in reporting dashboards aligned to local regulations
- Secure, dedicated communication channels for crisis response
Building these features into your platform and service offering, rather than bolting them on, is going to set you apart in an increasingly competitive market. Cyber attacks and breaches are hitting the headlines week after week, so savvy MSPs have a real opportunity to step up and lead from the front.
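As an added illustration of the "automated incident logging and evidence chains" item above, here is a small Python sketch (example code, not the article's or any vendor's tooling) of a hash-chained incident log that can be handed over intact and checked for tampering, with the report-by time derived from the first ransom-payment record. The payment-triggered 72-hour clock and the AUD 3 million revenue threshold follow the article; the event timeline, the placeholder transaction id and the revenue figure are constructed for the example.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

REPORTING_WINDOW = timedelta(hours=72)  # report-by window stated in the article
REVENUE_THRESHOLD_AUD = 3_000_000       # obligation applies above this revenue

def _entry_hash(prev_hash: str, rec: dict) -> str:
    payload = json.dumps(rec, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()

class EvidenceChain:  # append-only log; each record commits to the previous hash
    def __init__(self):
        self.entries = []

    def append(self, ts: datetime, kind: str, detail: str) -> str:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        rec = {"ts": ts.isoformat(), "kind": kind, "detail": detail}
        h = _entry_hash(prev, rec)
        self.entries.append({**rec, "prev": prev, "hash": h})
        return h

    def verify(self) -> bool:
        """Recompute every hash; an edited, dropped or reordered record breaks it."""
        prev = "0" * 64
        for e in self.entries:
            rec = {k: e[k] for k in ("ts", "kind", "detail")}
            if e["prev"] != prev or e["hash"] != _entry_hash(prev, rec):
                return False
            prev = e["hash"]
        return True

def reporting_deadline(chain: EvidenceChain, revenue_aud: int):
    """Report-by time (first payment + 72h), or None when no obligation arises."""
    if revenue_aud <= REVENUE_THRESHOLD_AUD:
        return None
    paid = next((e for e in chain.entries if e["kind"] == "ransom_payment"), None)
    if paid is None:
        return None  # an unpaid demand carries no reporting duty
    return datetime.fromisoformat(paid["ts"]) + REPORTING_WINDOW

def demo():  # constructed sample timeline: (intact, deadline_iso, intact_after_edit)
    chain = EvidenceChain()
    t0 = datetime(2025, 5, 31, 9, 0, tzinfo=timezone.utc)
    chain.append(t0, "detection", "EDR alert: mass file encryption on FS01")
    chain.append(t0 + timedelta(hours=2), "containment", "FS01 isolated from LAN")
    chain.append(t0 + timedelta(hours=31), "ransom_payment", "txid PLACEHOLDER")
    deadline = reporting_deadline(chain, revenue_aud=5_000_000)
    intact = chain.verify()
    chain.entries[1]["detail"] = "edited after the fact"  # simulate tampering
    return intact, deadline.isoformat(), chain.verify()
```

In practice the chain head hash would be exported to a second system (a ticketing record or a write-once store) at each step, so that a later edit to the MSP's own copy is detectable by the regulator or insurer.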
Small or medium MSP? Consider partnering up
If you’re a smaller MSP, you may lack the in-house resources to build full security and reporting capabilities into your stack. To bridge the gap, consider partnerships with:
- Established MSSPs for 24/7 threat monitoring
- Incident response firms for forensic and crisis support
- Compliance specialists or legal advisors familiar with cyber regulations
- Cloud security platforms offering turnkey reporting and log management
Forging these alliances will enable you to scale compliance services quickly without the massive upfront investment.
Your next-step checklist
Preparation is the best form of defense, and showing that you can help your customers bounce back if attackers do get in is just as important. MSPs should:
- Review and update incident response guidelines to support customers now and in readiness for new laws
- Audit existing logging and forensics capabilities, bearing in mind any existing or upcoming regulatory requirements
- Train support and sales teams on new reporting obligations and customer guidance
- Revise SLAs to clearly define the MSP’s role in ransomware detection, reporting, and recovery. You can even consider building security management and compliance into your SLAs with customers from the outset
- Engage with customers proactively to assess their needs and adjust service offerings
- Select and team up with compliance and incident response partners
Australia’s law is just the beginning
The UK has already launched a consultation to increase cyber incident reporting—and the US and the EU are also exploring their own reporting rules. MSPs who embed rock-solid reporting and response frameworks into their services now will come out on top: it’s not just a case of gaining trust and making your existing customers cyber resilient. It has the power to win you new business, too.