SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Digital shield protecting australia map cyber threats illustration
#
Advanced Persistent Threat Protection
#
Risk & Compliance
#
Data Privacy

Australia urged to unify cyber defences as threats intensify

Tue, 8th Jul 2025
Author image
By Melania Watson, Interview Editor

Australia's cyber security ecosystem is facing a relentless tide of state-based threats and cyber crime, testing the resilience of businesses and the nation's critical infrastructure in a landscape marked by increasingly complex digital interdependencies. Senior government and industry leaders, speaking at the AUSCERT 25 event, underscored the pressing need for coordinated action, stronger policy, and clear leadership to defend against risks that extend well beyond national borders.

State-aligned actors remain a formidable presence, with China and North Korea commonly cited as leading sources of attacks targeting Western countries. "We continue to face state-based threats… it is pervasive. It's the system," said Michelle, Australia's National Cyber Security Coordinator, highlighting the dual challenge of espionage and sabotage, separate from the ongoing onslaught of cyber crime impacting everyday citizens. The inexorable march of cyber operations into the heart of conventional warfare-exemplified by destructive campaigns in Ukraine-demonstrates how cyber is now an integral facet of national security, not merely an ancillary risk. But Michelle warned: "What we're seeing across the globe we can't accept as a norm. It is not. It is pre-position… and unacceptable." She continued to advocate for international alignment, "We have to come together, like-minded around the world, and ensure that we uphold cybersecurity norms."

The Australian cyber ecosystem, while considered robust, is quick to acknowledge its gaps relative to peers such as the US and UK-especially in technology adoption and regulatory implementation. Industry leaders identified the maturity gap as a pressing issue, pointing to proactive policies abroad such as mandatory zero-trust postures and AI-specific guidelines. "They are far ahead of us… already AI policy have implemented, GDPR is kind of stuff, but we are behind," commented one industry executive. Responding, Michelle stressed the need to harness local capability and drive comprehensive policy based on industry-wide consultation: "I don't think we're far behind in policies, but these are really important reflections… we are undergoing consultation with industry where we can drive better cyber security." Yet the challenge persists as many Australian businesses, particularly in advanced cyber-intensive sectors, choose to expand offshore in pursuit of supportive regulatory and commercial environments.

The nation's strategic partnership with the United States remains a cornerstone of its cyber posture. Despite turbulence in broader trade and diplomatic relations, the security relationship is foundational and unshaken, particularly around information-sharing and best-practice alignment. "Our allies, the US, are our premier ally, really, and that continues to be strong," Michelle affirmed. The alignment is seen as resilient and bipartisan, reflecting the cross-jurisdictional nature of digital threats. "We are all facing the same threats, and we need to come together and move forward. We are stronger together. We're safer together, and I don't see a change in that."

On the regulatory front, the burden of mandatory reporting remains a contentious issue for businesses responding to attacks. The multiplicity of overlapping requirements can distract from immediate crisis management, and industry participants advocated for more streamlined mechanisms. Michelle acknowledged the pain points: "We are an initiative… to streamline single portal reporting… working with our regulators across the economy to actually have that single point where you reach out," referring to ongoing reforms aimed at centralising incident notification to the Australian Cyber Security Centre. However, she cautioned that critical market stability requirements will remain for regulated sectors, making regulatory harmony a complex undertaking. "We are looking constantly at how we can make it easier with a view that also supporting rapid recovery."

Australia's evolving anti-ransomware stance remains under close scrutiny, especially as the scale and sophistication of attacks proliferate. While the government stops short of criminalising ransom payments, it firmly cautions against them. "The government does not ever recommend you paying. It's not legislated against, but… I have worked through this with a number of boards and I'm yet to find a scenario where (the) problem is solved by paying," Michelle said. Data suggests that over 80% of victims who pay a ransom are then re-targeted, with little assurance that stolen information will not be used for further extortion. "If your information is gone, you still have an obligation to declare and to remediate… people who pay in the hope to get information back… the information continues to be used to extort, exploit and prefer cyber crime."

The importance of collaboration-within and between organisations, and with government-was a recurrent theme. Joe Masters of By Demands, a security consultancy, singled out the skills shortage as a critical bottleneck for Australian cyber resilience. "We just need to be upskilling… it is not just one person's job in your organisation. Every department head owns this responsibility." He advocated for a broader, family-oriented education approach, warning that the human element remains the weakest link despite technical controls: "We need to educate their families as well, because there are just so many multi channels that people are using to do these cyber attacks now."

As digital risk permeates all layers of the economy, the message to boards is unequivocal: cyber security is a leadership and risk prioritisation issue requiring dedicated resources and strategic focus. "It is a leadership issue. It is a risk issue. It is a resource prioritisation issue," Michelle emphasised, urging boards to place cyber at the centre of their governance agendas. "We have great collaboration and cross large industry… but that is a key message for the society, reacting and responding to that. But we need to keep pushing it out, because this is everyone's business."

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Ping Identity names Adnan Chaudhry Chief Revenue Officer
Exabeam launches AI agent behaviour analytics tools
Security now central to business decisions, says report
Automation vital as TLS certificate lifespans shrink
Ping Identity buys Keyless to boost biometric security

Top stories

Black Hat to debut cyber war room documentary in Vegas
2026: Resilience, the new foundation of cybersecurity
AI’s 2026 security fallout: identity chaos & deepfake fear
ADLINK gains IEC 62443-4-1 nod for secure edge R&D
Agentic AI double agents expose dangerous security gaps