Cyber Shock: Australia's CEOs Sound the Alarm on the Digital Doomsday Knocking at the Door, By Brian Simpson
Swirling in the boardrooms of BHP, Commonwealth Bank, and Wesfarmers, sleep's a luxury, thanks to the relentless spectre of cyber-Armageddon. The Australian's 2024 CEO Survey, fresh from over 80 titans, crowns cyber-attacks as the "single biggest external threat," eclipsing geopolitics, inflation, and even bushfires. Judo Bank's Joseph Healy confesses it's his "3am thought"; CSL's Paul McKenzie warns of uncontrollable contagion from suppliers' suppliers. No surprise as 2025's threat landscape deepens: 76% of CISOs report breaches (double last year), burnout ravages 78% of teams, and a $63B annual hit looms if unchecked. From DP World's 2023 port paralysis (echoing in 2025 supply chain scares) to AI-fuelled phishing surges, this isn't paranoia, it's peril. Let's burrow deep: Stats scream escalation, CEOs spill fears, and fixes demand more than firewalls. In a world where one click cripples continents, Australia's execs aren't just awake, they're wired for cyber war!
The article's pulse, cyber as CEOs' nightmare, pulses stronger in 2025 data. To conserve space I will write in a note form. PwC's May report: 2024's 31% vulnerability surge and 20% exploitation spike carried into H1 2025, with APAC attacks up 25% YoY. Security Quotient's September analysis: Phishing scams, ransomware, and supply chain hits dominate, with 89% of execs bracing for worse (McGrathNicol survey). Cyble's August deep-dive: Australia's landscape "deepened" post-2024, fuelled by state actors, probing critical infra.
Burnout's the hidden hack: Australia Cyber Magazine's August poll, 78% of orgs grapple, driven by 24/7 alerts and talent shortages. Davidson's CEO Index (September): Cyber's #1 tech worry for local gov bosses, with 24% losing sleep, mirroring the national survey's exec angst. KPMG's "Cybersecurity Considerations 2025" (Paolo Maresca's X post): CEOs rank it top, shifting from reactive to proactive amid AI threats.
X echoes: Khulood Almani's September post (249 likes), 9 predictions, from quantum crypto cracks to IoT entry points, racks 120k views, with CEOs chiming in: "AI's double-edged, tool and terror."
The survey's raw voices endure in 2025 updates. Healy's "everyone alert" mantra? Spot-on amid 76% breach reports (ERMA September). Hawkins' layered defences? Wise, but McKenzie's contagion fear haunts: DP World's 2023 shutdown (stranding 30k containers) lingers, no major 2025 sequel, but echoes in June's hypothetical "Freight Giant" scares (Eftsure). White's crypto crackdown call? Timely, Reuters November 2023 DP World data theft (employee leaks) ties to 2025's $3B scam losses (NAB's McEwan).
REA's Wilson on supplier chains? Prophetic, Waterstons Australia's 2025 review flags DP World as "scary contagion" case. O'Neill's regulatory gripe? Woodside's merger talks (Santos) face gas cap fallout, but cyber's the wildcard. Coles' Weckert on supply shocks? Covid/bushfire prep evolves to cyber, extreme weather + hacks = dual doom.
X amplifies all this: Commvault Asia's September post (7 views) on $63B threat and digital skills gap ($25B productivity unlock by 2035) tags CEOs: "Boost workforce or bust." Group-IB's webinar promo (324 views): H2 forecasts warn ransomware/AI phishing surges in APAC.
DP World dominates 2025 retrospectives. November 2023 attack (Riviera MM): Crippled ops, resuming slowly (Seatrade). 2025 updates? Industrial Cyber's November 2023 note: "Incident not concluded," lingering data theft (Reuters: Employee breaches). Eftsure June 2025: "Immobilises ports," with 2025 echoes in simulated drills (no new hits, but warnings).
Broader breaches: UpGuard's 2025 list adds 2024's Optus/Medibank fallout (millions affected), Latitude's 2023 echo. Webber Insurance: TissuPath 2023 victim upset, but 2025's "multibillion-dollar industry" rings true, ABC September: Disruptive attacks rising, state-sponsored.
Global tie-in: ERMA's September post: 76% CISOs breached,double 2024. Anonymous's 2020 warning (1.5k likes): China hacks on gov/infra, 2025's Cyble confirms deepened state actor probes.
Article's "crippling" fear? 2025's $63B tab (Security Brief) underscores: NAB's McEwan on $3B scams hurting Aussies. Dynamic Business: 89% expect worsening, geopolitics amplifying (BHP's Henry). LinkedIn's Davidson: 24% CEOs awake, mirroring survey.
Implications? Contagion (McKenzie): One breach ripples; DP World's ports halted trade. Burnout (78%): Talent flight. X's Shoebridge (Oct 2024, 376 likes): Climate's "greatest risk," but cyber's the digital drought.
Healy's "personal responsibility"? Core, 2025's proactive pivot (KPMG). Hawkins' layers? Multi-factor, AI detection (Group-IB webinar). White's crypto curb? Timely for scam deterrence. Wilson's supplier audits? Essential, 2025's supply chain focus (Cyble).
Broader: Digital skills push (Commvault: $25B gains). ERMA's resilience: Governance upgrades. X's Almani (120k views): AI defenses vs. threats, autonomous response key.
The Australian's survey, cyber as CEOs' nightmare, resonates louder in 2025: 76% breaches, $63B tab, deepening threats. The cyber war is well underway.
"Australia's corporate leaders say a cyber attack now represents the single biggest external threat to the running of their businesses and is the top issue that keeps them awake at night.
No matter how prepared they think their business is, the chief executives believe a risk of a crippling attack is real and have highlighted how little control they have as it can unknowingly come from anyone they do business with.
Cyber was the overwhelming response to a question about what keeps chief executives up at night as part of The Australian's 2024 CEO Survey.
More than 80 leaders from companies including BHP, Commonwealth Bank, Wesfarmers and Woodside were asked about their views on a range of topics from the economy, the energy outlook and reform. The responses represent the most comprehensive snapshot of the mood of corporate Australia heading into the new year.
The Australian will run the series over the next week while a selection of CEO responses will be published over summer.
But it was the constant threat of a cyber attack that CEOs overwhelming nominated as likely to impact or disrupt their business within the next 12 months.
"In truth, my greatest fear – the so-called 3am thought – is the threat of cyber-attacks," said Judo Bank chief executive Joseph Healy.
"Making sure that everyone within the business is alert to this risk and takes personal responsibility to protect the bank is critical and is something that I am completely focused on."
Australian business has already seen the fallout from cyber attack in the past 18 months when data stolen from companies such as Optus, Medibank and Latitude Financial affected millions of customers.
Last month the nation's biggest port operator, DP World, shut down ports across Australia after it too discovered it been hit with an attack. Attempts are expected to become more frequent.
As well as unnerving customers caught up in the attacks, the hacks have had a huge financial cost, and cybercrime is now a multibillion-dollar industry. Because those behind the crime are nearly always based offshore the activity is becoming harder than ever to stamp out.
The prospect of cyber threats, such as data theft and ransomware, presented far greater risks to their businesses than other forms of cyber disruption like terror-linked attacks or spyware.
Insurance Australia Group chief executive Nick Hawkins said his organisation heavily invests in cyber and data security controls, and has multiple layers of defence in place.
"But that doesn't mean the risk goes away," Mr Hawkins told the survey.
Paul McKenzie, of healthcare and vaccines manufacturing major CSL, said no matter how well prepared you think you are, the threat of a cyber attack can often be beyond your own control. Indeed a vulnerability can come from a supplier to one of your own suppliers.
"We've seen many examples where one company has a breach, but many other people and organisations are affected. The contagion can be a scary thought," Mr McKenzie said.
Wisetech chief executive and multibillionaire Richard White suggested that government examine the role of cryptocurrencies, as a crackdown would likely help deter cyber criminals from targeting Australian companies.
"Anyone not focused on cybersecurity as a critical need is risking major disruption and reputational damage. No-one is completely impervious," Mr White said.
Owen Wilson of realestate.com.au owner REA Group said every business should be focused on how the data they collect can impact consumers.
"As we've seen this year, anyone can be targeted. Businesses also need to think beyond their own operations to include third-party suppliers in their planning and mitigation of potential exposures," Mr Wilson said.
All of the major bank bosses ranked cybersecurity at the top of their own external threats list. This is a consistent message from the sector given they collectively face millions of attacks on their systems each week.
At the same time, National Australia Bank boss Ross McEwan said technology was making scams more sophisticated and this was hurting ordinary Australians. Latest official estimates put local losses to tech-based scams at $3bn last year.
"I hear and see of the terrible toll this takes on customers. Multinational criminals are targeting Australians every second of every day," Mr McEwan said. He said businesses has a role in helping to educate and protect customers from scammers, as well as investing in the latest technology to help minimise the threat.
Beyond cyber, geopolitics ranks high as an external threat to chief executives who oversee export-focused companies.
"We are living in a world of heightened uncertainty," said BHP chief executive Mike Henry. "And the terrible tragedies and geopolitical instability we have seen across the globe will continue to impact Australia and world trade."
Mr Henry noted Australia was entering the new year facing a global economic downturn marked by a slower recovery in China, falling growth in the US and Europe, and broad inflationary pressure.
Geopolitical shocks and market conditions were also top of mind of external threats for UBS Australia chief executive Anthony Sweetman.
took aim at federal and state governments, arguing the uncertain regulatory environment created the greatest external pressure for companies like Woodside. The oil and gas major, which is involved in talks for a possible merger with smaller rival Santos, was among those caught out in the federal government's sudden domestic gas price cap last year.
"Businesses need certainty so we can continue to invest and deliver our much-needed products to customers in Australia and around the world, and to ensure we are internationally competitive," Ms O'Neill said.
Meanwhile, Coles chief executive Leah Weckert said the Covid-19 pandemic and extreme weather events of recent years showed how vulnerable Australia was when it came to getting critical supplies to many parts of the country.
She said the supermarket operator was planning around this, including taking into account the potential for bushfires and heatwaves this summer. Part of this involved putting on additional supplies, as well as storage of basic food and water that were most in demand when natural disasters hit.
Comments