Recently, Barracuda hosted a round table with senior security leaders from Australian businesses across a wide range of industries, and a leading Forrester analyst, to explore the strategic priorities and practical challenges shaping organisational resilience, governance and innovation in the face of mounting cyber risk.
Security leaders have long grappled with talent shortages, evolving threats, emerging technologies and regulatory complexity – but in 2025, these challenges have converged into a perfect storm.
The adoption of artificial intelligence, the introduction of new regulatory requirements and the growing sophistication of cyber attackers are reshaping risk and cyber defence for Australian organisations. The time from data breach to theft or encryption is shrinking, and attackers can monetise stolen assets faster than ever before. These shifts are forcing businesses to rethink their approach to risk management and incident response.
The changing face of security threats
One of the most significant changes voiced during the roundtable discussion was the growing prevalence of AI policy and strategy within organisations. As businesses integrate AI into their operations, concerns about the risks of sensitive data being plugged into these AI tools, as well as the impact AI is having on decision-making, are coming to the forefront.
Users seeking greater efficiency through SaaS solutions such as AI assistant tools are causing a spike in ‘shadow IT’ cases, with leaders citing new risks and challenges that must be addressed through robust governance and oversight.
Data theft remains a persistent challenge, with attackers leveraging advanced techniques to trawl through large volumes of data at speed. The increasing use of dummy accounts is making it harder for organisations to detect and prevent fraud. Meanwhile, governance continues to lag behind technological change, leaving many companies exposed to emerging threats that outpace regulatory oversight.
As more data becomes available for attackers to deploy hyper-personalised attacks, supply chain threats are also maturing, with attackers exploiting email-dependent relationships built on personal trust to lower boundaries and gain access to sensitive information. Conversation hijacking, though low in total volume, has proven to be highly effective, allowing attackers to manipulate communications and compromise security. Organisations will need to consider balancing hyper-personalisation with privacy, and walk a fine line between delivering personal experiences and respecting consumer boundaries.
Security Leadership and Workforce Change
When discussing what businesses can do to address evolving security threats, there was a consensus around the table that the capability and competence of a team are increasingly seen as central to an organisation’s ability to manage risk. Likewise, organisations must have clarity about the risks and opportunities associated with their business, including legacy and disparate systems.
Some participants said their companies rely on insurers to identify key risks, trusting that these partners have done their research and can provide effective guidance. Other organisations are shifting towards secure service edge and contextual awareness in their security systems. This approach enables businesses to act pre-emptively based on context, rather than relying solely on reactive measures.
At a board level, personal insurance for security leaders is emerging, reflecting the growing recognition of cyber security as a critical business issue. Tabletop exercises are becoming an essential part of incident response planning, with organisations emphasising the importance of prepared communications to ensure a swift and coordinated response to security incidents.
Preparing for the Road Ahead
Looking ahead, it was clear that preparing for the unexpected is essential. AI-driven attacks will continue, cyber criminals will learn how to attack more efficiently and there will always be the human element to consider. Organisations need to adjust their defences accordingly.
Proactive, adaptive security strategies and empowered leadership will be key to navigating the evolving cyber security landscape and ensuring the resilience of Australian organisations in the face of emerging threats.