Education & ownership vital to boost Australia’s cyber resilience
Key themes of education, ownership and preparedness have been highlighted as critical to enhancing Australia's resilience to cyber threats, following a discussion involving the National Cyber Security Coordinator and experts from Clayton Utz.
Increasing education efforts
Australia has faced a disproportionate level of cyber attacks in recent years, prompting calls for improved understanding of cyber risks across all sectors of society. In a recent webinar featuring Lieutenant General Michelle McGuinness, the importance of moving beyond compliance and fostering a culture of cyber security awareness was discussed.
In the session, it was noted that while numerous campaigns, such as "Act Now. Stay Secure." aim to inform the public about everyday steps to stay safe online, a focus on reaching vulnerable communities and those with language barriers remains vital. McGuinness emphasised that the upcoming Horizon 2 phase of the Australian Cyber Security Strategy places education at its core, particularly to assist vulnerable Australians and small to medium businesses in understanding and acting on cyber risks.
McGuinness noted the need for small businesses to thrive: "we need them to be innovating and not be paralysed so the more we can educate, the better we will be."
Efforts to broaden the reach of educational initiatives include translating the campaign into 30 languages and targeting diverse groups. McGuinness stated, "My goal is to have someone in every household in Australia speak about cyber security around the dinner table. That is why we need to make it accessible to everyone."
Encouraging ownership
The assumption that cyber security is solely the responsibility of IT specialists was challenged during the discussion. Lieutenant General McGuinness addressed this misconception by asserting, "The assumption is that cyber is the CISO's job. Or the computer guy's job. But responsibility doesn't sit with any of these. It is a leadership and a culture issue."
Brenton Steenkamp, cyber security expert at Clayton Utz, supported this by highlighting that readiness must begin at the individual level: "It is a shared responsibility that starts with individuals in their own home." Steenkamp likened the defence against cyber threats to a team sport, observing, "It is actually up to all team members to try and defend against cyber threats."
Steenkamp further suggested that redirecting focus from compliance to cultivating a proactive culture would improve resilience. McGuinness remarked on Australia's longstanding physical safety culture and the need to translate this into the digital environment: "As a nation, we have a great physical awareness culture. We have moved into the digital ecosystem and we need to bring this awareness in the digital world. That is, we have to build a cyber security culture to match how we operate."
Regarding regulation, McGuinness clarified that a heavier regulatory burden is not the objective, stating, "we don't want to have the burden of greater regulation." Instead, she indicated a preference for "harmonisation and simplification" of existing regimes, underlining the importance of collaboration between government, business, and community.
Building preparedness
The need for preparedness was another key point. Utilising government resources to identify and address vulnerabilities and having a response plan for incidents were encouraged as basic steps for organisations and individuals.
The government's stance against the payment of ransoms for cyber incidents was reiterated, with Steenkamp commenting, "If we can get organisations to build preparedness, the threat of ransomware diminishes."
John Dieckmann, partner at Clayton Utz, warned that having contingency plans alone is insufficient if they are not regularly tested and updated. "The key is to practice them – for example, have we got the right backups to mitigate risk? Have you tested backups? What third party dependencies will be impacted?" he asked.
The discussion also touched upon emerging threats such as AI data poisoning, with panellists underscoring the need for sustained vigilance in this rapidly evolving area.
Steenkamp summarised the recommended approach for organisations and individuals as "Observe. Own. Overcome. That is observe our current state, own the risk and overcome and adapt when something goes wrong."
McGuinness ended by saying, "If I could tell you one thing – it would be to have an instant response plan. Have a plan and practice it. It is about when and not if. It is about our resilience and our ability to bounce back."