AI and Cybersecurity: The New Risk Frontier for Australian Businesses

As Australian organisations face a fast-evolving threat landscape, cybersecurity has surged to the top of the boardroom agenda. With risk management spending forecast to reach AU$6.2 billion in 2025, up 14.4% from the previous year, it's clear that cyber resilience has become a strategic priority.
This increase follows a series of major breaches over the past few years, including Optus, Medibank, and IVF provider Genea, all of which exposed sensitive data and triggered regulatory scrutiny. ASIC’s legal action against HSBC has further signalled a shift towards tighter enforcement. In parallel, phishing rates in Australia remain nearly double the global average, and small businesses are losing over AU$300 million each year to cybercrime, often without proper insurance coverage.
Amid these trends, one area of investment is dominating: risk and security services. Forecast to reach AU$2.9 billion in 2025, a 16.1% increase, they represent the single largest cybersecurity spend category.
Why? Because many organisations simply can’t manage the workload alone. From consulting and managed services to specialist support, external partners are playing a vital role in helping teams meet compliance, strengthen defences, and adapt to complex risks. For most, it’s not about saving money; it’s about buying time, expertise, and resilience.
At the same time, the rise of generative AI tools is introducing new risks. While AI promises advances in automation and threat detection, it also enables more sophisticated attacks. Cybercriminals are using AI to craft realistic phishing campaigns and generate malicious code. Meanwhile, early adopters of AI-based security solutions are seeing mixed outcomes, leading many to shift from grand transformations to more targeted, tactical improvements.
So, what can Australian businesses do?
- Review your overarching risk management strategy, including emerging risks
- Build in-house cybersecurity skills and use external services to fill capability gaps
- Establish clear governance frameworks for safe and compliant AI adoption
- Focus on resilience, not just compliance: plan for disruption, not just audits
- Conduct cyber incident response planning and training
- Scenario-test high-impact threats
- Align your cybersecurity and AI strategies to prevent one outpacing the other
Time to Act
Australia’s digital risk landscape isn’t slowing down. Inaction may carry reputational, financial, and legal consequences, and that cost is only set to grow as the Australian government implements and updates new legislative requirements. Yet, every dollar invested in cybersecurity must move your business closer to resilience, not just regulatory alignment.
Start by reviewing your current approach:
- Are you investing in improved outcomes or ticking boxes?
- Is your AI adoption secure and well-governed?
- Are your teams equipped and skilled or overwhelmed?
- Have you updated and tested your crisis management and business continuity plans?
Improving cybersecurity is key to improving organisational resilience. Resilience is no longer a competitive advantage. It’s the baseline.