A decade of Perspectives on Cyber Risk

6 minute read 11.06.2025 Paul Kallenbach, Shannon Sedgwick

Our Perspectives on Cyber Risk 2025 report explores changes in privacy, data protection and cyber security laws over the last 10 years.

Between February and March 2025, we conducted our 10th annual Perspectives on Cyber Risk survey. More than 150 participants — including Australian business leaders, senior executives, directors, legal counsel, and risk professionals — shared their views on the evolving threat landscape. Drawing on a decade of survey data, this year’s report tracks how organisational perspectives have shifted alongside changes in cyber threats, defences, and regulatory expectations.

Over the past ten years, one constant has emerged:

awareness of cyber risk is rising, but readiness continues to lag behind.

Organisations are increasingly aware of the strategic importance of cybersecurity, yet persistent capability gaps remain — particularly in data governance, incident response, and Board-level oversight.

These results highlight a critical need for uplift in governance, strategy, and accountability. Without stronger capability at Board and executive levels, organisations risk overestimating their resilience, underinvesting in uplift, and misjudging their regulatory exposure.

Reflecting on past lessons and considering future threats and opportunities, one thing is clear: cybersecurity is more than just a defensive imperative. It is a shared, strategic responsibility that must be embedded across governance, risk, technology and culture – and is critical to the resilience and success of every organisation in today’s digital age.”
Shannon Sedgwick, Partner, Technology & Consulting

Evolution of AI and cyber risks

Organisations are becoming increasingly ready to adopt AI — and rapidly so. In our 2025 survey, 70% of respondents said they are at least somewhat confident in their organisation’s preparedness to adopt Generative AI (GenAI) platforms. This marks a significant shift from 2018, when fewer than 15% reported any active use of AI solutions.

However, alongside this growing confidence is a sharp awareness of risk. 84% of respondents cite privacy risks, particularly data compromise, as their top concern when it comes to AI adoption.

As GenAI moves from experimentation to enterprise integration, the security, privacy, and governance implications are becoming increasingly complex — and increasingly urgent.

“Organisations must continuously evolve and adapt their security strategy to an increasingly complex environment – especially in the face of AI and its benefits and risks.

This means continuously investing in the fundamentals: timely patching, comprehensive asset and data visibility, rehearsed incident response, supply chain assurance, robust access controls, user awareness training, and reliable backup procedures.

Cyber considerations must be embedded into strategic planning and boardroom dialogue, not just compliance checklists.”

Paul Kallenbach, Partner, Technology, Digital & Data

To mark the release of the 10th Anniversary Edition of the Cyber Risk Report, we sat down for a ‘fireside’ chat with Carly Kind, Privacy Commissioner, Office of the Australian Information Commissioner, and Paul Kallenbach, MinterEllison’s National Legal Cyber Leader, to discuss the rapidly evolving cyber risk and regulatory environment.