The federal government will bring major banks and financial services companies together to practice responses to future cyber attacks.
It comes after a spate of high-profile hacks exposed the data of millions of Australians, including customers of Latitude Financial, Medibank and Optus.
Home Affairs Minister Clare O'Neil said Australians were becoming increasingly familiar with the reality of cyber attacks.
"Australians have now experienced Optus, Medibank and Latitude. In each breach, some data of millions of Australians was stolen. For our citizens, almost every Australian adult or a member of their family is probably the victim of a cyber attack," Ms O'Neil said.
"We've experienced three really large-scale data breaches. The impacts are serious and real and consequential, a genuine and massive concern to me and the country."
In February, the government announced it would overhaul a $1.7 billion cybersecurity plan set up under Scott Morrison in the aftermath of the hacks of Optus and Medibank.
It is also preparing for potential attacks on critical services like hospitals, the traffic network and the banking system.
"When you think about the impacts of the failure of a major hospital, or interruption of a traffic network, or serious disruption of our banking system, the impacts can get much worse," Ms O'Neil said.
"Consider what damage could be caused if attackers intentionally try to degrade trust in a major system we depend on — telecommunications, or banking.
"We need to plan for utilities to go down, for hospital systems to be under attack.
"In this sense, Optus and Medibank were the tip of the iceberg."
The exercises with the banks and financial services sector will test the potential impact on the economy. The government will also organise similar meetings with the aviation sector and other critical infrastructure.
The government has flagged the need to rewrite the nation's security laws.
Among considerations are changes to the Security of Critical Infrastructure Act to include customer data and "systems" in the definition of critical infrastructure, to give government power to intervene in major data breaches.
The government is also considering a new Cyber Security Act that would impose new obligations and standards across industry and government.