Cyber wargames will see Australian banks and financial services companies brought together by the federal government to test their hack responses.

After a series of recent high-profile cyber attacks that exposed the personal data of millions of Australians, including those of Optus, Medibank, and Latitude Financial customers, the government says it needs to prepare for attacks on critical services.

“Australians have now experienced Optus, Medibank, and Latitude. In each breach, some data of millions of Australians was stolen. For our citizens, almost every Australian adult or a member of their family is probably the victim of a cyber attack,” Home Affairs Minister Clare O'Neil says. 

“We've experienced three really large-scale data breaches. The impacts are serious and real and consequential, a genuine and massive concern to me and the country.”

In February, the government announced that it would overhaul the $1.7 billion cybersecurity plan set up under Scott Morrison in response to the Optus and Medibank attacks. 

The government is also considering changes to the Security of Critical Infrastructure Act to include customer data and “systems” in the definition of critical infrastructure, giving the government power to intervene in major data breaches.

“We need to plan for utilities to go down, for hospital systems to be under attack. In this sense, Optus and Medibank were the tip of the iceberg,” Ms O'Neil said.

The government is also preparing to organise similar meetings with the aviation sector and other critical infrastructure, and it is considering a new Cyber Security Act that would impose new obligations and standards across industry and government.

“When you think about the impacts of the failure of a major hospital, or interruption of a traffic network, or serious disruption of our banking system, the impacts can get much worse,” said Ms O'Neil. 

“Consider what damage could be caused if attackers intentionally try to degrade trust in a major system we depend on - telecommunications, or banking.”