The
Cyber Security Act 2024 (the Act) establishes the Cyber Incident Review Board (the Board) as an independent advisory body to conduct no-fault, post-incident reviews of significant cyber security incidents in Australia. An Expert Panel, drawn from a pool of industry sector experts will support the Board.
Recent cyber-attacks have shown that government and industry need to learn more from these events. The Board reviews will identify the contributing factors to cyber incidents to help sectors prepare for future cyber attacks. At the completion of a review, the Board will provide recommendations to government and industry on its findings. These recommendations aim to prevent, respond to or minimise the impact of similar incidents and uplift Australia’s cyber resilience in the future.
The Board will only review an incident after it has occurred and initial investigation and response efforts have been completed. Reviews will focus on a single incident or a group of similar incidents. These may share features such as attack method, type of system affected, or a known vulnerability.
The Board does not assign blame or determine who is responsible for an incident. Published reviews will not include personal or classified information, including anything that could affect national security, defence, or international relations of the Commonwealth.
Appointment of the Cyber Incident Review Board
On 1 May 2026, the Honourable Tony Burke MP, Minister for Home Affairs, Cyber Security and the Arts, announced the appointment of the Cyber Incident Review Board.
The Board is chaired by Ms Narelle Devine and comprises the following six standing members:
- Professor Debi Ashenden
- Ms Valeska Bloch
- Mrs Jessica Burleigh
- Mr Darren Kane
- Mr Berin Lautenbach
- Mr Nathan Morelli.
The Department thanks all individuals who applied for appointment to the Board. We encourage those interested in supporting the work of the Board to consider applying to the Expert Panel.
The Cyber Incident Review Board brings together some of Australia’s most experienced leaders and skilled experts in cyber security. The Board will play a pivotal role in strengthening national cyber resilience. It will review significant cyber security incidents, identify lessons learned, and make recommendations to uplift cyber security practices across government, industry and the community. Through this work, the Board will contribute to safeguarding Australia’s economic prosperity, national security and social cohesion.
The Expert Panel
The Expert Panel comprises professionals drawn from across the public and private sectors. Panel members bring expertise in cyber security, legal matters, and other relevant sector‑specific fields to support the Cyber Incident Review Board in the conduct of reviews.
Once established, the Board will undertake an Expression of Interest process to identify and appoint suitably qualified individuals to the Expert Panel.
The Cyber Security (Cyber Incident Review Board) Rules 2025 prescribe eligibility requirements for both the Board and the Expert Panel.
To be appointed to the Expert Panel, individuals must hold, or be eligible to hold, a Negative Vetting Level 1 (NV1) Australian Government security clearance. An NV1 clearance is required for consideration for appointment to a Review Panel convened to review specific cyber security incidents.
Further information for eligibility and the role of the Expert Panel can be found
here.
If you meet the eligibility criteria for the Expert Panel, you can register to receive a notification when the Board commences an EOI process.
You can do this by emailing your contact information to
CIRB.Enquiries@homeaffairs.gov.au.
