logo

Best Practice

Australian businesses urged to strengthen defences during Cyber Security Awareness Month

30 Oct 2025
From

Kapil Kukreja

As Cyber Security Awareness Month focuses on the growing threat of cybercrime, HLB Mann Judd Melbourne partner, Kapil Kukreja, is urging Australian businesses to take a proactive approach to managing cyber risks and protecting their data.

Although the impact of cybercrime in the news is often focused on large high-profile companies – such as Qantas in recent times and Optus and Medibank before that – the fact is that businesses of any size can be impacted, he said.

“Cybercrime continues to rise in both frequency and sophistication, and no business is immune,” said Mr Kukreja.

“For many businesses, the question is no longer if they will face a cyber incident, but when.”

He said that while technology plays a critical role in defence, the biggest vulnerabilities often come down to people and processes.

“Human error remains one of the most common causes of data breaches, whether from clicking on phishing links, to mishandling sensitive information. Building a culture of awareness and accountability across all levels of an organisation is just as important as investing in security systems,” Mr Kukreja said.

According to the Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report, the ACSC received over 84,700 cybercrime reports through its ReportCyber portal, although it noted that many more go unreported.

The average self-reported cost of cybercrime per report was ~$33,000 per individual (up 8 per cent on last year), and ~$80,850 for businesses (up 50 per cent on last year) – with large businesses reporting a cost of ~$202,700, up 219 per cent on the last year.

This is echoed by the HLB International Cybersecurity Report 2024, which flagged that 39 per cent of businesses reported a rise in the number of attacks, with a further 29 per cent experiencing more severe consequences from cyberattacks in the past year.

Further, many businesses still underinvest in security measures with only 29 per cent implementing AI-related security and governance controls.

Mr Kukreja noted that the cost of a breach goes far beyond immediate remediation, noting the recent Qantas case.

“There’s business disruption, regulatory scrutiny, customer-trust erosion, legal exposure, not to mention potentially lasting reputational damage. In the Qantas case, the scale and depth of the breach will likely have long-lasting effects.”

Mr Kukreja recommends that businesses take several key steps to strengthen their cyber resilience:

  • Ensure the business has a defensible architecture. For example, zero trust principles (never trust always verify), strong authentication such as multi-factor authentication (MFA), and least-privilege access, granting users and systems only the minimum permissions necessary for their roles
  • Build your supply-chain and supplier risk strategy. Map out your supply chain network to identify critical third parties and evaluate their cyber hygiene. Third parties may be weaker links
  • Invest in identity and access controls. Regularly review accounts for inactive users and immediately revoke access for former employees or contractors.
  • Train staff not just once, but as part of an ongoing training program given increasing sophistication. Focus on emerging threats, like GenAI-driven phishing, deep fake emails, and sophisticated impersonation attempts.
  • Review and modernise your technology stack. Identify legacy systems that may have known vulnerabilities and update or replace with modern and supported platforms.
  • Monitor regulatory or national-security developments. Stay informed of changes to cybersecurity regulations, incident reporting laws, privacy obligations, and government-issues advisories.

“Cybersecurity is no longer an IT issue, it’s a business responsibility, and a shared responsibility. Businesses must protect their people, systems, and customers. That means modernising technology, strengthening access controls, continual staff training, and keeping a close eye on emerging threats.

“The reality is clear – cyber risks are growing and businesses that prepare today are the businesses that will thrive tomorrow,” said Mr Kukreja.

Tags:

Earn CPD Points

  • CPD: A TTR strategy for modern retirement

    We are currently witnessing one of the most significant demographic transformations in Australia’s history. Over the next decade, an estimated 2.5 million Australians are expected to enter retirement[1]. This article, [...]

  • CPD: Trend following in uncertain times

    Trend following strategies aim to generate returns by capturing sustained price movements across a diverse range of asset classes. Unlike traditional investment approaches that rely on valuation or forecasting, trend [...]

  • CPD: Aged care advice and ethics

    Data from the Australian Institute of Health and Welfare (AIHW) shows that Australia’s population aged 65 and over is projected to reach 22% – or 8.8 million people – by [...]

  • CPD: AI governance – a practical framework for advisers

    Regulator scrutiny of AI governance just got serious In years to come, they may well call it the ‘Mythos effect’ – the point in early 2026 where all the concerns [...]

  • CPD: Thinking outside the box – providing a loved one a paycheque for life

    Australia’s great wealth transfer is well underway. An estimated $5.4 trillion is expected to pass from those aged 60 and over to younger generations within the next two decades.[1] In [...]

View more CPD