Australia’s National AI Plan is a welcome start on skills and safety, but it plays too safe. While the US, Europe and the Gulf pour sovereign capital into chips, compute and energy, Canberra is still talking about catalysing investment rather than committing.
A significant supply chain attack has struck the US financial sector, with fintech vendor Marquis Software Solutions confirming a ransomware incident that exposed the sensitive data of hundreds of thousands of customers from dozens of American banks and credit unions.
South Korean e-commerce giant Coupang has confirmed a massive data breach exposing the personal information of 33.7 million customers. The incident, which began in June 2025, is one of the largest in the nation's history and is linked to a former employee's active credentials.
Megan Motto urges improved board-level digital literacy, warning of inevitable cyber breaches. The 2023-2030 Cyber Security Strategy demands stronger cybersecurity, especially in telecoms. Leaders emphasize proactive governance to address rising cyber threats.
The Australian federal government's recent announcement of the 2023-2030 Cyber Security Strategy has prompted a surge of reactions and analysis from industry experts and peak bodies, spotlighting the evolving landscape of cybersecurity and corporate governance.
Megan Motto, CEO of the Governance Institute of Australia, provided a critical perspective on this development in a Radio National interview. She emphasised the escalating complexity of cybersecurity threats and the need for Australian boards to enhance their crisis management preparedness in this digital age.
"51% of Australian boards are hindered by a lack of technology skills"
- Megan Motto, Chief Executive Officer of Governance Institute of Australia
A striking revelation from Motto was the deficiency in board-level digital and data literacy, a skill she regards as essential as financial or legal literacy in today's digital environment.
"51% of Australian boards are hindered by a lack of technology skills," Motto noted, stressing the need for a collective digital savviness amongst board members, rather than relying on a single expert.
"It's not a matter of if, but when a breach will occur"
- Megan Motto, Chief Executive Officer of Governance Institute of Australia
The recent Optus outage served as a real-world example of the challenges facing large organisations. "It's not a matter of if, but when a breach will occur," Motto remarked, emphasising the importance of robust frameworks and decision-making processes to effectively manage such incidents.
This sentiment aligns with broader regulatory initiatives. The Australian Securities and Investments Commission, led by chairman Joe Longo, has indicated a firm stance on holding board directors and executives accountable for inadequate cyberattack preparations. This approach, articulated at the Australian Financial Review Cyber Summit, underscores the regulator's commitment to enforcing stringent cybersecurity measures.
The Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) and the Security of Critical Infrastructure Act 2022 have been instrumental in this regard, introducing enhanced obligations and government assistance measures for improved resilience.
The Department of Home Affairs, under the leadership of Minister Clare O’Neil, plays a pivotal role in this strategy. O’Neil's announcement highlights the need for telecommunications companies to comply with stringent cyber requirements, a response to recent significant cyber incidents affecting companies like Optus.
The narrative of accountability and preparedness extends beyond governmental directives. Chris Proctor, Telecoms Practice Associate Director at NCC Group, reacts to the heightened cybersecurity requirements for the telecom sector, recognizing the global trend of increased security measures in critical national infrastructure.
Motto's interview and the collective industry response underscore the urgent need for expert leadership and a shift in corporate governance perspectives. The reliance on third-party experts or a single risk expert on the board is no longer sufficient. Instead, a proactive, ethical, and well-informed approach is required to navigate the increasingly interconnected and digital world of today.
In conclusion, the Australian federal government's Cyber Security Strategy has set in motion a significant discourse on the role of corporate governance in cybersecurity. The emphasis is clear: boards must proactively engage in cyber risk management with the necessary resources, skills, and ethical frameworks to meet global standards and effectively manage the evolving landscape of cyber threats.
Instagram has launched an AI-driven age verification tool in Australia ahead of the December 10 ban on under-16s using social media. The move aims to boost child safety but raises major privacy concerns, with experts warning of risks tied to surveillance, data misuse and unreliable accuracy.
Australia has gone all-in on quantum, betting billions on PsiQuantum’s Brisbane facility while building alliances and spin-outs from Sydney to Chicago. With defence contracts, investor momentum and Five Eyes strategy at stake, Canberra’s gamble is to lead, not follow, in the quantum race.
ASIO’s $12.5 billion espionage warning is more than a tally of stolen secrets. It reveals a national digital crisis. With 24 major spy operations disrupted and identity systems exposed, Australia’s critical infrastructure and social services face a growing risk of collapse from unseen cyber threats.
Trump administration unveils comprehensive AI cybersecurity action plan establishing AI Information Sharing and Analysis Center for threat intelligence. Australian regulator ASIC sues Fortnum Private Wealth over cybersecurity failures that exposed client records on dark web.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
