AI, cyber threats, and operational risk: businesses must update mindset on managing cyber risk

Australian businesses are facing a perfect storm of cybersecurity threats, as the rapid adoption of artificial intelligence (AI), ongoing credential-based attacks, and inconsistent governance combine to expose critical vulnerabilities in businesses, according to Kapil Kukreja, partner, HLB Mann Judd Melbourne.

Last year Australians reported a total of $2.3 billion in losses due to scams. Mr Kukreja says businesses can no longer afford to treat cyber risk as a back-office function.

“Cybersecurity is now a strategic issue. Between the rise of AI, increasing attack frequency, and gaps in governance, businesses are exposed on multiple fronts, with many still overlooking basic protections.”

HLB International’s Cybersecurity Report released in 2024 found that 39 per cent of businesses reported a rise in the number of attacks, with a further 29 per cent experiencing more severe consequences from cyberattacks in the past year.

Despite this, many businesses still underinvest in security measures, with only 29 per cent implementing AI-related security and governance controls, and just a quarter (24 per cent) running ongoing cyber awareness training.

“Many organisations are still approaching cybersecurity as a one-off investment rather than a continuous, evolving discipline. The growing sophistication of cyber threats demands not only smarter technologies, but a proactive mindset, embedding security into every layer of the business,” says Mr Kukreja.

He said the recent cyberattack on multiple Australian organisations highlights the urgency of strengthening basic cyber hygiene across all sectors and sizes of business.

“One of them wasn’t a sophisticated hack, it relied on previously leaked passwords and weak access controls. It’s a warning that the fundamentals still aren’t being done well enough,” he said.

According to the HLB survey, 64 per cent of businesses now consider cybersecurity a major strategic priority, but there remains a clear gap between intent and action.

“The threat landscape is evolving rapidly, and businesses must evolve with it - including governance, operations, technology, and culture. Boards, executives, IT leaders and staff all have a role to play. Cybersecurity is no longer optional. It’s foundational to business continuity, reputation, and trust. The organisations that act now will be far better positioned for the future.”

Mr Kukreja outlined key recommendations for businesses looking to strengthen their systems:

  • Audit AI usage and ensure any adoption is supported by governance frameworks. As businesses increasingly integrate AI tools into operations, it's essential to understand how and where AI is being used. Regular audits can uncover risks, ensure compliance with data and privacy laws, and confirm that AI usage aligns with ethical and security standards. Robust governance frameworks should guide AI deployment to avoid unintended consequences and vulnerabilities.

  • Increase training frequency – not just annually or post-incident, but ongoing. Cybersecurity awareness training should be part of the business, not a checkbox exercise. Continuous education through monthly updates, phishing simulations, or microlearning modules helps staff stay alert to evolving threats and reduces the likelihood of human error, which remains a top vector for breaches.

  • Understand third-party risks, especially vendors with access to business systems. Suppliers, contractors, and software providers can inadvertently introduce vulnerabilities. Conduct regular assessments of third-party security practices, ensure contracts include cybersecurity obligations, and limit access based on the principle of least privilege to reduce exposure to external threats.

  • Keep systems patched and updated to prevent known vulnerabilities being exploited. Many cyberattacks exploit known flaws for which fixes already exist. Timely patching of software, operating systems, and firmware is one of the most effective ways to shut the door on attackers and maintain strong baseline security.

  • Test incident response plans regularly to minimise disruption and recovery time. Having a plan isn’t enough; it must be tested under realistic conditions. Regular tabletop exercises and simulations help ensure everyone knows their role, uncover gaps in the plan, and improve the speed and effectiveness of responses when a real incident occurs.
