Posts

Showing posts from May, 2025

Cyber Insurance Wake-Up Call: UK Retail Attacks Could Push Up US (and Aussie) Premiums

What do ransomware attacks in the UK have to do with your cyber insurance bill in Australia? Possibly, a lot. In the past few months, several big-name UK retailers — including Marks & Spencer, Harrods, and the Co-Op Group — have found themselves in the crosshairs of sophisticated cyberattacks. While Harrods reportedly stopped an incident in its tracks, others weren’t so lucky. Marks & Spencer is staring down a $400 million bill for breach response and recovery.

These aren’t isolated hits. According to Google’s Threat Intelligence Group, these attacks are connected to broader campaigns also targeting US-based retailers — and possibly Australian businesses next. Here’s where it gets real: Insurance providers are watching closely.

Insurance Premiums Could Rise - Even If You Haven’t Been Hit Yet

For now, cyber insurance premiums have started to stabilise after sharp hikes during the pandemic years. But experts like Monica Shokrai (Google Cloud) say the math i...

Australia Just Recorded Its Worst Year for Data Breaches: Here’s What You Need to Know

Australia's Record-Breaking Year for Data Breaches

In 2024, Australia saw its highest number of reported data breaches since mandatory notification laws were introduced in 2018. The Office of the Australian Information Commissioner (OAIC) received a total of 1,113 breach notifications, a staggering 25% increase from the previous year. From July to December alone, 595 new breaches were reported. So what’s driving this surge, and more importantly, what should Australian businesses and agencies be doing in response?

The Threat Landscape Isn’t Slowing Down

According to Australian Privacy Commissioner Carly Kind: “The trends we are observing suggest the threat of data breaches, especially through the efforts of malicious actors, is unlikely to diminish.” Attackers are getting smarter, more organised, and more persistent. The risks to Australians' privacy are only increasing.

Where Are These Breaches Coming From?

Malicious and criminal attacks were the lea...

$2M Gone in Minutes: What Every Aussie SMB Can Learn from This Cyber Breach

Penetration Testing for Small Aussie Businesses

Imagine this: You wake up to discover your small business has been hacked. Not just a hiccup, but a $2 million loss overnight. That’s exactly what happened to a mid-sized professional services firm in Australia this year. No, they weren’t a bank. No, they didn’t store health records. But they did have:

- Valuable client data
- Cloud-based systems
- Weak email protections

And that was enough.

The Fallout Was Brutal

Within hours, attackers had access to sensitive project files, client financials, and internal emails. The recovery bill? Over $2 million once you factored in:

- Forensics and clean-up
- Mandatory disclosure
- Legal fallout
- Lost clients

This was a business with under 50 staff.

Lesson One: You’re Not Too Small

Many Aussie SMBs still think they’re “under the radar.” But here’s what the attackers are really looking for:

- Weak MFA
- Outdated software
- Shared logins
- No phishing training

It...

Penetration Testing for Small Businesses in Australia

A Practical Guide for Companies Under $2 Million Turnover

Why Pen Testing Isn’t Just for Big Business

If you're running a growing business, you might assume cybercriminals are only interested in the big guys — banks, government, multinationals. But here’s the reality: Small businesses are targeted more often — and hit harder. Why? Because attackers know smaller teams often:

- Reuse passwords
- Skip regular patching
- Don’t have a full-time IT or cyber team
- Aren’t testing their defences proactively

And that’s where Penetration Testing comes in.

What Is Penetration Testing?

Penetration testing (or pen testing) is the process of simulating a real-world cyberattack on your systems — not to break things, but to uncover your weak spots before an attacker does. A good pen tester will:

- Mimic the tactics of real hackers
- Attempt to bypass your existing security controls
- Report back with clear insights on what could be exploit...