Originally published in The Ararat Advocate and Capital Brief on 18 July 2025.
If Australians needed further proof of the threat cyberattacks pose to businesses of all sizes – and their customers – they got it when Qantas this month revealed that the personal data of nearly six million customers had been stolen.
Names, email addresses, dates of birth, contact details and frequent flyer numbers were compromised – not through a breach of a central server, but via an offshore third-party call centre platform.
Earlier data breaches at Optus, Medibank and Latitude have highlighted the disruption caused by cyberattacks.
Effective, robust cyber security means businesses and government working together to confront a threat that’s constantly evolving.
It means Australians also need to understand that not all attacks can be prevented, but there are simple steps people can take to reduce their risk and help mitigate the impact if their data is accessed.
Through recent advertisements, the ‘Act Now, Stay Secure’ campaign is educating Australians on the simple actions everyone can take to better protect themselves.
For instance, people should ensure their devices are up to date by installing the latest software.
Using multi-factor authentication adds another layer of defence by making it harder for cyber criminals to gain access, while creating strong, unique passphrases is also recommended for every account.
Taking these steps go a long way in enhancing protection because cyber security should be a habit, not an afterthought.
In response to the evolving threat landscape, the Albanese Labor Government is strengthening Australia’s cyber resilience.
The Cyber Security Legislative Package was passed last year to lift national standards and improve response times.
It includes new laws requiring companies to report ransomware payments within 72 hours, mandatory risk assessments for critical infrastructure and stronger information-sharing rules between government and industry.
However, regulation alone can’t solve this problem. It’s up to business leaders to be robust.
Directors need to ask: Are we prepared for a major incident? Do we know our exposure? Are we testing our systems regularly? Are we investing enough in prevention?
In other words, cyber risk must be discussed in boardrooms, not just server rooms.
To prevent identity theft, companies have an ethical duty to safeguard their customers’ data – and that means treating all personal information with equal importance.
Cybercriminals are increasingly sophisticated and well-resourced. Although we can’t stop every attack, we can build defences that are fit for purpose.
This requires investing in secure systems, training staff and building a culture where privacy and protection come first.
But it’s not just up to government to be prepared. Every Australian and business must take responsibility for their own cyber security.
