Hi AMJ1
You are not alone in your concerns however, The Optus security breach needs to be put into a perspective that this forum isn't the place for.
I have clients from 12 years ago who are only just getting to accept the need for putting their file online - and that the security around this is a whole lot different from the aspect of the Optus breach.
For just some perspective - the place you keep your local file and protect it with lightweight passwords is a whole lot less secure and open to a whole lot of likely security breaches than a secure online facility offered by MYOB - and no I am not saying that it isn't without risk - there is no such thing as 100% security - but most businesses "so called local environment is extraordinarily open and never gets audited" -
And a fortress like structure that offers perfectly securiity just attracts vulture hackers to try.
It is a balance - from my perspective of being in this environment for over 35 years - and that internet computing and data storage is common place - putting your file online is a very good security consideration to the problems of storing it locally. Also, a high proportion of security breaches are insiders!!
However, to your problem - no your file does not need to be online for STP I - and payroll reporting works perfectly (well untill 2022.8 - there is a problem).
However, from Jan 2023 when STP II becomes compulsory - your file must be online for STP II to function.
The Doc