Critical infrastructure

Significant reforms to Australia’s critical infrastructure legislation are now in force. This legislation will drive security uplift across our nation’s critical infrastructure sectors, which have been expanded from four to 11, with a key focus on bolstering cybersecurity. Captured sectors provide essential services to Australians and are vital to ensuring our national security and way of life.

Manage risk, find efficiencies and help secure Australia

The central feature of the legislation is the requirement for critical infrastructure asset operators to demonstrate adequate risk management, using an all-hazards approach. Under the legislation critical infrastructure entities must reasonably demonstrate they have aligned to legislative requirements through a Board-level attestation to the Minister for Home Affairs. 

Aside from compliance, there are significant flow-on benefits for companies investing in effective risk management planning. Taking an all-hazards approach to your enterprise will improve resilience, help identify scenarios where unanticipated costs and risks could arise and uncover opportunities for greater efficiencies. 

There is no one-size-fits-all approach to critical infrastructure risk management - every organisation is unique and requires risk management solutions tailored to its specific needs. A cornerstone of the reforms is the ability for captured entities to demonstrate they are taking reasonable steps to mitigate threats. Engaging with the reforms and finding the right solution for your organisation is an opportunity to find efficiencies, manage risk and ultimately help secure Australia.

As a firm whose purpose is to build trust in society and solve important problems, we are here to help your organisation. 

What sectors are captured?


Financial services and markets

Space technology

Food and grocery

Food and grocery


Defence industry

Health care and medical

Water and sewerage


Higher education and research

An important problem we're committed to solve

At PwC, we’re passionate about protecting Australia’s critical infrastructure, which is so central to our way of life and national security. We are proud to play an important role in advancing our nation’s critical infrastructure security, working across the industry spectrum to build resilience. Our experts played an active role in consultations into Australia’s revised critical infrastructure regime and continue to stay abreast of the latest developments in the space, ensuring accurate, current and timely advice.

Follow PwC Australia

Required fields are marked with an asterisk(*)

By submitting your email address, you acknowledge that you have read the Privacy Policy and that you consent to our processing data in accordance with the Privacy Policy (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Contact us

Robert Di Pietro

Cybersecurity & Digital Trust Leader, PwC Australia

Tel: +61 418 533 346

Mike Younger

Partner, Cybersecurity & Digital Trust, PwC Australia

Tel: +61 490 093 981

Zoe Thompson

Director, Cybersecurity & Digital Trust, PwC Australia

Tel: +61 472 675 510