Cyber Ethos

Your trusted partner in safeguarding digital assets. We make cybersecurity clear and accessible.

11/06/2026

Business Email Compromise cost Australian enterprises $84 million in FY2023-24.

Average loss per business: $55,000. For large businesses, the figure is $202,700 per incident. Up 219% year on year.

No malware. No exploit. Just a convincing email from someone your team believes they know.

According to the ACSC, email compromise remains the most reported cyber issue for Australian businesses.

The fix is one rule. Always verify changes to payment details and large payment requests through a second independent channel. Never by replying to the same email thread.

74% of Australians think a verbal verification protocol is smart. Only 20% use it.

09/06/2026

If your business holds client data that must remain confidential for the next five to ten years, this is not a future problem. It is a 2026 problem.

Adversaries are stealing encrypted data today, storing it, and waiting for the day they can crack it open. The strategy is called Harvest Now, Decrypt Later. The ACSC notified Australian entities of malicious activity over 1,700 times in FY2024‑25, an 83% increase.

A quantum computer could break RSA‑2048 in hours. Experts estimate one is five to ten years away. By the time your 2026 data is decrypted in 2031, the damage is irreversible. Contracts, health records, intellectual property, and board papers are all long‑life targets.

The 2023‑2030 Australian Cyber Security Strategy flags Post‑Quantum Cryptography as a national priority. What this really means is that boards need to ask when, not if, quantum‑safe roadmaps appear in their architecture, risk, and investment discussions.

If your organisation keeps long‑life data and quantum risk is nowhere in your risk registers or board packs, who on your board owns that omission?

Download the Action Plan: https://go.cethos.net.au/action-plan

04/06/2026

Last month, three Australian SMBs we spoke with lost sales and ongoing contracts. Not because of pricing. Not because of capability. They could not demonstrate certified cybersecurity frameworks.

Cybersecurity certification has shifted from a defensive cost to a commercial credential. A Sydney‑based professional services SMB we worked with completed an SMB1001 Gold readiness program. Within 90 days, they were shortlisted for two government tenders they had previously been excluded from, and their insurance broker offered a meaningful reduction in premiums.

SMB1001 is Australia’s certification built specifically for small to medium businesses. It translates good security practice into something procurement teams and underwriters can recognise and trust quickly.

Start where you are. Your competitors are getting certified to win the business you are both pitching for. The real question for any board is whether cyber is still treated as an overhead, or recognised as a credential that opens doors.

Comment "CERTIFY" for the SMB1001 readiness consultation.

02/06/2026

The average CISO salary in Australia is $237,000 to $252,500. For most Australian SMBs, that is not viable. Meanwhile, the questions are getting harder.

APRA CPS 234 requires regulated entities to maintain proportionate security capability. SOCI Act expects board-level governance. Cyber insurers want evidence of mature governance before honouring claims. Government tenders demand proof of leadership.

The model most SMBs have not considered is fractional. Board-level security leadership on a part-time engagement. Strategic direction, governance, regulatory guidance, board reporting. Scaled to your business.

Our CEO, Dr Kiran Kewalramani, was named Cybersecurity Entrepreneur of the Year 2025 and won the Boardroom Cyber Leadership Award in 2026.

28/05/2026

If your business supplies services to energy, water, transport, healthcare, or telecommunications, the Security of Critical Infrastructure Act may already apply to you. In FY2025, entities were notified of malicious activity over 190 times. An increase of 111%.

Who is affected? IT and managed service providers. Logistics contractors. Software vendors. Manufacturing suppliers. The amendments expanded SOCI coverage to supply chain partners whose vulnerabilities could impact operations.

Incidents must be reported to the ACSC within 12 hours. Civil penalties of $19,800 apply for non‑compliance. We work with suppliers who only discovered they were in scope after a major client asked them to prove it.

If your largest customer asked your board tomorrow for SOCI evidence, could you provide it, or would you be starting from zero under time pressure?

DM us to book a SOCI readiness assessment.

26/05/2026

In August 2025, Regis Resources experienced a Lynx ransomware intrusion. Northern Minerals was not as fortunate. Corporate, operational, and employee data were exfiltrated and listed on the dark web.

The attack did not come through the front gate. It came through the digital infrastructure the board approved. CSIRO projects half of all Australian mining operations will be fully automated by 2030. The average attacker spends 42 days inside an operational environment before detection.

The amended SOCI Act now requires the board to personally approve the annual CIRMP. Non‑compliance carries AU$660,000 daily penalties. That is not an IT fine. That is a board‑level exposure.

If your mining operation is increasing automation but your governance settings have not changed in three years, the gap is already on the balance sheet. The only question is when it becomes visible.

21/05/2026

Half of Australian SMBs are operating without a formal cybersecurity strategy. Sixty-two percent have already suffered a cyberattack. Read those two numbers together.

What this really means is that most Australian SMBs are playing defence without a game plan, and most have already taken a hit. Insurers are demanding Essential Eight Maturity Level 2 evidence. Government tenders require certified frameworks. APRA‑regulated entities have explicit CPS 234 obligations.

We work with Australian SMBs that cannot fund a $240k CISO, but also cannot afford to operate without security leadership. The answer most have not considered is a fractional model. Board‑level leadership, part‑time engagement, full strategic capability.

The governance question is simple. Do you have named security leadership who can show your board a plan, or are you relying on “someone in IT” and a policy on paper?

Book a consultation: https://book.cethos.net.au/calendar

19/05/2026

Australian small businesses are now paying an average of $56,600 per cyber incident. Up 14% on the previous year. One cybercrime report every six minutes in Australia, according to the ACSC.

Here’s the thing. The real cost is not the technology gap. It is the governance gap. Owners tell us they feel confident. They have antivirus. They use Microsoft 365. Someone ran an awareness session last year.

When we look closer, we find an outdated device still in production, an account with no multi-factor authentication, a backup that has not been tested in six months. None of these are complex problems. They are basic governance misses.

The four controls that protect most Australian SMEs are simple to check and simple to report to a board. The question is whether anyone is actually checking them, or whether comfort has replaced evidence.

Download the Action Plan: https://go.cethos.net.au/action-plan

Stay cybersafe.

29/04/2026

🏆 Big news from Manila.

Cyber Ethos CEO and Founder Dr Kiran Kewalramani received the Boardroom Cyber Leadership Award 2026 at the Fluxx Asia Conference - presented by Her Excellency Dr Theresa Moseley.

Two days in Manila. One powerful room full of leaders from across the Asia-Pacific region. And a reminder that the work we do at Cyber Ethos matters beyond Australia's borders.

Dr Kiran's message to the room was clear and direct:
👉 Cyber attacks are accelerating with AI transformation.
👉 Data privacy must stay front and centre for every leader.
👉 Protecting your organisation is your fiduciary duty as a board director. It is not optional.

That is the work Cyber Ethos shows up to do every day: helping boards, executives, and organisations govern cyber risk with clarity and confidence.

We are proud. We are grateful. And we are just getting started.

Thank you to Her Excellency Dr Theresa Moseley and the entire Fluxx Asia team for this recognition. 🙏

Address

Lisburn Street
East Brisbane, QLD
4169
