Key points
- Cybercrime is a significant and costly threat to Australian businesses, impacting finances, reputation, and consumer trust.
- Continuous employee education and proactive cybersecurity measures are essential to defend against increasingly sophisticated AI-powered attacks.
- Experts recommend immersive training, zero-trust policies, and robust incident response plans to stay ahead of cyber threats.
Cybercrime is increasingly one of the most significant threats to Australian businesses, costing millions each year. But it’s not just about the financial consequences. A hack could lead to exposed trade secrets, regulatory fines, lawsuits, and loss of consumer trust and overall brand reputation.
The 2022 Optus data breach underscores the far-reaching consequences of cyber vulnerabilities. Beyond financial losses, the company lost about 10 per cent of its users within six months. The breach also had significant legal consequences, with fines and class-action lawsuits lodged against the company.
Cyber-attacks are also becoming more sophisticated due to advancements in AI. This is a big concern. While extensive research is underway to develop better detection tools, Dr Sharif Abuadbba, a deepfake expert in our Data61 team, warns against over-reliance on these technologies.
“It becomes an AI versus AI competition. This makes it unreliable, so the details and context of incidents end up needing to be reviewed anyway,” Sharif said.
Organisations need to stay ahead by continuously reviewing, preparing and innovating their cybersecurity measures. Check out these expert-backed tips to strengthen your cyber defences and protect your business.
1. User education can make all the difference
Employees are your organisation’s first line of defence against cyber threats – whether they’re managing visitor logs or handling classified documents. As Dr Lauren Ferro, Human-centric Security Research Scientist also with our Data61 team, reminds us, human error is a business’s primary vulnerability.
“People let down their guard, thinking they have nothing useful for a cybercriminal to take. However, these individuals can be used as the gateway into their organisation. Employees need to be informed of the risks and potential consequences,” Lauren said.
“Cyber risks extend beyond work. Personal information shared on social media can be used to create highly personalised attacks that compromise security,” she said.
She also advises that education be continuous, with regular updates on the latest developments and threats to watch out for.
2. Encourage employees to feel confident saying no
For businesses in Australia, email compromise is the most prominent cybersecurity threat. Examples of this include fake invoices or requests to transfer money, often appearing to come from trusted sources.
“An email from a familiar contact isn’t always legitimate,” Lauren said.
Email compromise typically occurs through phishing, where attackers trick employees into revealing sensitive information or clicking on malicious links. Once they gain access, cybercriminals can manipulate email threads, impersonate executives, and divert funds.
Sharif highlighted the importance of empowering employees to confidently refuse actions that deviate from established business processes.
“If they’re following agreed business processes, even if it’s the CEO requesting an urgent funds transfer, they shouldn’t fear getting in trouble. Use well-defined, well-documented processes within your organisation as a measure to detect and defeat deepfakes, even if you don’t have the tools,” Sharif said.
3. Move beyond theoretical training
While most organisations offer cybersecurity training through online modules, one of the most effective ways to prepare employees for the reality of a cyber-attack is an immersive simulation. Interactive training helps employees test their knowledge and identify weaknesses in a safe and controlled environment.
Lauren highlights the effectiveness of Corporates Compromised, an immersive cybersecurity tabletop exercise that we developed with the Cyber Security Cooperative Research Centre (CSCRC). The exercise places participants in various organisational roles and guides them through simulated cyber-attack scenarios. Participants gain hands-on experience without the risk.
“It is important that these practical exercises exist. By engaging directly with a cyber-attack and seeing the consequences of their decisions play out, participants gain tangible insights and experience,” she said.
4. Proactively protect your customers
Cybersecurity breaches are not just about losing financial assets. An organisation’s brand reputation and consumer trust are also at risk.
“When we talk about cybersecurity, trust is a huge thing,” Lauren said.
“A cyber-attack affects more than just data – it impacts public trust, investors and other stakeholders. It’s hard enough getting people to trust the quality of your product or service, let alone regain it when breaches happen.”
One way to build consumer trust is to show customers that their cybersecurity is actively being considered. For example, organisations can ensure that multi-factor authentication is available for customer logins and that users can easily control the data that is being collected.
5. Be prepared – assume the worst
With threats and attacks becoming increasingly common, organisations should assume that they will be attacked, or that a threat will slip through the cracks.
Sharif suggests using proactive protocols and zero-trust policies. These mean that requests should be assumed fake until verified.
Jamie Rossato, our Chief Information Security Officer, also provides his tips for a good incident response plan.
“Anyone who plays sports will know that it’s the preparation you put in before the event that ultimately determines your effectiveness,” Jamie said.
“How are we prepared for the incidents that we believe are likely to happen? Or that we can see impacting other organisations?”
“Do all stakeholders understand their roles and responsibilities? Are they trained to act?”
“The response should be able to be performed even with a key player missing,” he said.
Protecting your organisation
For organisations, cybersecurity in this modern age is not just about protecting assets, but also about protecting reputation and consumer trust. By prioritising education, training and preparation, your organisation can stay cybersafe.