Cyber Security Minister Clare O'Neil says Australia needs to "wake up out of the cyber-slumber", flagging a slew of reforms designed to protect personal data including making it illegal to meet ransom demands.

A day after calling online hackers "scumbags" while announcing a new cyber task force, Ms O'Neil said there were compelling reasons to make it illegal for companies to try to buy their way out of trouble.

"The idea that we're going to trust these people to delete data that they have taken off and may have copied a million times is just frankly silly," she told Insiders on Sunday.

The federal government has backed Medibank's decision not to pay a $15 million ransom to prevent the release of customer data.

"We're standing strong as a country against this, we don't want to fuel the ransomware business model," Ms O'Neil said.

The Australian Federal Police (AFP) on Friday outed Russian cyber criminals as behind the Medibank hack, which has led to highly sensitive customer data being posted on the dark web.

Privacy laws a 'national vulnerability'

Tighter regulation could also extend to data retention, something Clare O'Neil described as a "national vulnerability".

Former customers of Optus and Medibank who hadn't been with the companies for up to a decade have been caught up in the hacks.

"What we need to make sure is that companies are only holding data for the point in time where it's actually useful," she said.

Data retention forms part of a review of the Privacy Act currently being undertaken by Attorney-General Mark Dreyfus.

Minister concedes difficulty jailing cyber criminals