The state of security in Australia 2025
Published Jul 23, 2025 in
Articles
Security
Contributors
Pooja Singh
Cyber security in Australia is no longer just a risk—it’s a structural weakness being tested at scale.
The Medisecure and AustralianSuper breaches, alongside a 25% spike in national incidents, reveal a threat landscape that is intensifying faster than defences can adapt.
ADAPT’s 2025 CISO Survey confirms the gap: over 50% of Australian organisations remain below Level 2 maturity on the Essential Eight, even as GenAI programs are rapidly deployed—often without governance, control, or security oversight.
This report is a strategic guide for Australian CIOs and CISOs navigating this new era. It offers data, benchmarks, and actionable insights to help shift from reactive defence to intelligence-led resilience.
Key Trends:
- ADAPT’s CISO Survey reveals that over half of Australian organisations remain below Level 2 on the Essential Eight maturity scale, providing CIOs and CISOs with a clear benchmark to identify foundational weaknesses in cyber posture.
- The report unpacks the growing AI risk paradox—GenAI is scaling fast, but only 36% of leaders feel prepared to govern it, exposing a systemic threat that demands urgent governance, MLOps control, and enterprise-wide usage policies.
- CISO spending data shows heavy investment in cloud security and IAM, yet underinvestment in automation, training, and software development, underscoring a strategic gap between defensive spend and resilience-building.
- Case examples from Brisbane Airport and AustralianSuper show how leading organisations are transforming reactive SOCs into intelligence-led hubs, aligning real-time detection with business impact to reduce dwell time and improve agility.
- Persistent talent shortages—and misaligned board priorities—are limiting cyber uplift, reinforcing the need to treat capability building, cross-functional training, and cultural readiness as core security controls.
Cyber security in Australia is no longer just a risk—it’s a structural weakness being tested at scale.
The Medisecure and AustralianSuper breaches, alongside a 25% spike in national incidents, reveal a threat landscape that is intensifying faster than defences can adapt.
ADAPT’s 2025 CISO Survey confirms the gap: over 50% of Australian organisations remain below Level 2 maturity on the Essential Eight, even as GenAI programs are rapidly deployed—often without governance, control, or security oversight.
This report is a strategic guide for Australian CIOs and CISOs navigating this new era. It offers data, benchmarks, and actionable insights to help shift from reactive defence to intelligence-led resilience.
Key Trends:
- ADAPT’s CISO Survey reveals that over half of Australian organisations remain below Level 2 on the Essential Eight maturity scale, providing CIOs and CISOs with a clear benchmark to identify foundational weaknesses in cyber posture.
- The report unpacks the growing AI risk paradox—GenAI is scaling fast, but only 36% of leaders feel prepared to govern it, exposing a systemic threat that demands urgent governance, MLOps control, and enterprise-wide usage policies.
- CISO spending data shows heavy investment in cloud security and IAM, yet underinvestment in automation, training, and software development, underscoring a strategic gap between defensive spend and resilience-building.
- Case examples from Brisbane Airport and AustralianSuper show how leading organisations are transforming reactive SOCs into intelligence-led hubs, aligning real-time detection with business impact to reduce dwell time and improve agility.
- Persistent talent shortages—and misaligned board priorities—are limiting cyber uplift, reinforcing the need to treat capability building, cross-functional training, and cultural readiness as core security controls.
