CyberDaily.au’s 2025 Cyber Summit in Sydney brought together a diverse collection of industry leaders to discuss and dissect the most pressing cybersecurity challenges facing Australian businesses in 2025. Calleo’s Andrew Mullan, Senior Cyber Advisor, and Dom Jennings, Managing Consultant, attended the Summit and reported the following.

Overview

In a threat environment shaped by heightened geo-political tensions, economic pressures and rapidly advancing technological innovation, cybersecurity has emerged as one of the most critical and dynamic challenges for Australian businesses of all shapes and sizes.

Artificial Intelligence and Security

If you were to ask a casual observer what the biggest trend in technology is in 2025, most would answer Artificial Intelligence – and they wouldn’t be wrong. AI is everywhere you look, from ChatGPT and chatbots to AI Reasoning and Agentic AI, buzzwords abound and organisations are feeling the pressure to ‘adopt or die’.

However, within this environment, threat actors have identified unique and novel opportunities that present serious risks for Australian businesses. AI-powered cyberattacks are now commonplace, using AI to craft phishing emails that bypass filters, generate convincing deepfakes, or mutate malware to evade detection. Automation has supercharged attackers' ability to discover and exploit vulnerabilities at speed.

In addition, businesses are deploying AI across critical systems like finance, HR, and Customer Relationship systems – often without fully understanding  the security implications. Business leaders are rushing to deploy AI-enabled applications and, in the process, bypassing standard security vetting measures providing threat actors with an ever-increasing threat landscape to exploit. 

Economic Pressures driving Security Decisions

Globally, the economic environment in 2025 is difficult. From macro-economic factors such as global trade wars and supply chain disruptions due to armed conflicts, to localised cost-of-living crisis and inflationary pressure, economic factors are high on the priority list of organisations and individuals alike.

In this context, while cybersecurity is a high priority for most – sometimes there simply isn’t the money available to deal with all threats. Ultimately, businesses must prioritise spend allocation and, much to the chagrin of CISO’s across the country, not every cyber-initiative is worthy of the limited funding available.

This is particularly relevant for small and medium sized businesses. SME’s don’t have the luxury of large IT teams with dedicated cybersecurity professionals identifying and analysing risks. Australia’s SME’s, which make up a vast portion of the economy, are underprepared and overexposed.



In 2024, over 90% of cybercrime reports come from businesses with turnover under $2 million and with an average cost per incident of $62,000, a single cyber incident can prove fatal for many SME’s.

Geopolitics and the Technological Advancement of Nation State Actors

As we find ourselves in an increasingly hostile geo-political environment, adversaries of Australia are increasingly deploying sophisticated cyber warfare tactics. These state-sponsored attacks go beyond traditional cybercrime, leveraging advanced techniques to infiltrate, disrupt, and even manipulate critical infrastructure and corporate networks.

Nation-state cyber actors operate with significant resources, targeting industries such as finance, healthcare, and energy to steal intellectual property, compromise sensitive data, and undermine economic stability. With geopolitical tensions rising, the cyber battlefield has become a key front in international conflicts, making Australian businesses prime targets.

Tactics employed include phishing campaigns, ransomware attacks, and supply chain compromises, exploiting vulnerabilities in digital ecosystems. The consequences are severe—financial losses, reputational damage, and operational disruptions that can take years to recover from.

Conclusion

The 2025 Cyber Summit underscored the urgent need for businesses to rethink their approach to cybersecurity in an era shaped by AI disruption, economic strain, and escalating geopolitical threats. Australian businesses, particularly SMEs, must navigate a landscape where cyber risks are evolving faster than ever, often outpacing their ability to respond effectively. 

While AI offers transformative opportunities, it also introduces unprecedented security vulnerabilities that demand strategic oversight. 

As nation-state actors refine their cyber warfare tactics and economic pressures force organizations to make tough security decisions, it’s clear that a reactive approach is no longer sustainable. 

The call to action is evident—business leaders must prioritize robust cybersecurity frameworks, embrace proactive risk management, and foster collaboration across industries to ensure resilience in the face of an increasingly volatile digital world.