Australia's critical infrastructure is facing an increasingly challenging threat environment


As such the Australian Government is introducing a new bill to reshape Protecting Critical Infrastructure and Systems of National Significance.

What's the bill trying to achieve? Introduced in December 2020, the bill seeks to amend the Security of Critical Infrastructure Act (2018) to introduce an enhanced regulatory framework which now applies to 11 sectors in total, and requires, among other things, an 'all-hazards' critical infrastructure risk management program, with particular focus on cyber, physical, personnel, supply chains, and natural hazards risks.

Read more: Get ready for critical infrastructure reforms  >


Which sectors are affected?

Sectors subject to the enhanced regulatory framework include:



Data Storage


Financial Services

Health & Medical

Space Technology

Grocery & Food

Water & Sewerage



Achieving resilient infrastructure

KPMG has deep knowledge across all of the critical risk domains and sectors.

  • Provide foundational support to understand what the changes mean to you.
  • Assess your baseline security and physical risk and provide actionable strategies to address the fundamentals.
  • Identify and manage cyber risks in relation to your organisation's infrastructure.
  • Provide visibility of risks associated with your supply chain and the impact it will have on you, your people and the community.
  • Integrate critical infrastructure requirements into your wider control environment and transformation activities.

Realising the value in compliance

Helping you make the most of your investment – beyond just compliance.


Understand the impact of the reforms and how to comply.


Turning a legislative requirement into an opportunity for operational excellence.


Integrate the value to other key business activities, projects and transformation programmes.

Key benefits

KPMG provides four key benefits:


Gain clarity on where to start and how establish core foundational elements so that you can demonstrate that your programme covers the most significant risks facing your most critical assets.


Turn a legislative requirement into an opportunity to realise operational optimisation.


Ongoing assurance that all aspects of threat exposure are considered, including cyber, people and your supply chain.


Beyond compliance, security and resilience in your operations bolsters the trust of your customers, employees and the wider community. 

Related services and insights

KPMG services, insights and thought leadership related to critical infrastructure.

Meet the team

Contact our KPMG professionals below, or use the enquiry form

Request a conversation

To understand what the changes mean for you, connect with us today to receive an individual briefing.

Get started