HomeWebinarCard
Log in

Cyber Security for Industry Associations

March 26, 2026|12:00 PM AEDT
Register for this event

Australian industry associations face mounting pressure to guide their members through escalating cyber threats as government reports show an 11% rise in responded incidents and an 83% surge in notifications of malicious activity in 2024-25.

Key takeaways

  • The Australian Signals Directorate's Annual Cyber Threat Report for 2024-25 documents over 1,200 cyber security incidents responded to—an 11% increase—and more than 1,700 notifications of potentially malicious activity, an 83% jump, underscoring a rapidly worsening threat landscape.
  • Industry associations, often serving as trusted intermediaries for businesses of all sizes, are increasingly expected to translate complex cyber risks into practical advice amid rising ransomware, state-sponsored attacks, and supply-chain vulnerabilities.
  • Non-obvious tensions include the resource constraints of smaller associations in providing meaningful guidance while avoiding liability, alongside the trade-off between fostering open threat-sharing among members and the risks of exposing weaknesses to adversaries.

Rising Threats Demand Association Leadership

Cyber attacks in Australia have intensified markedly in the past year. The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) handled over 1,200 cyber security incidents in FY2024–25, marking an 11% increase from the previous period. Notifications to entities about potentially malicious activity rose 83%, to more than 1,700 instances. Cybercrime reports reached over 84,700, averaging one every six minutes.

Industry associations occupy a unique position in this environment. They represent entire sectors, often including small and medium enterprises that lack dedicated cyber expertise. As threats increasingly target supply chains and legacy systems, associations are looked to for sector-specific guidance on basic hygiene, threat awareness, and compliance with evolving standards.

Recent government priorities reinforce this shift. The ASD and Australian Institute of Company Directors issued joint guidance on cyber security priorities for boards in 2025-26, emphasising event logging, legacy IT replacement, third-party risk management, and post-quantum cryptography preparation. While not mandatory for all associations, these expectations ripple through industries where associations advocate for members.

Stakes are tangible. Ransomware and data breaches disrupt operations, with average remediation costs in the millions for affected organisations. Inaction risks reputational damage across a sector if a prominent member suffers a high-profile breach, potentially eroding trust in the association itself. Smaller associations face particular challenges: limited budgets constrain their ability to hire specialists or run sophisticated programmes, yet members demand clear, actionable advice.

A key tension lies in information sharing. Associations can facilitate threat intelligence exchange among members, but this carries risks of inadvertently revealing vulnerabilities. Balancing collaboration with caution remains a persistent challenge, especially as state-sponsored actors exploit such networks.

Broader regulatory momentum adds urgency. New rules under the Cyber Security Act 2024 mandate ransomware payment reporting for certain entities, while smart device standards take effect in March 2026. Associations must navigate these changes to help members avoid penalties or market exclusion.

Sources

You might also like

We use cookies to measure site usage. Privacy Policy