Perspectives on Cyber Risk 2024

3 minute read + PDF download  17.04.2024

Our cyber survey findings illustrate a marked shift in how organisations are adapting their cyber risk posture to navigate a rapidly evolving digital landscape. In this report, we explore the impact of AI on cyber security; discuss recent regulatory developments, regulator action, and impending Australian privacy and other reforms; discuss the need for organisations to focus on data governance; review major Australian and international data breaches; and identify 10 lessons for best practice cyber incident response.

Between January and March 2024, we conducted our ninth annual 'Perspectives on Cyber Risk' survey. Our research gathered insights from a broad cross-section of respondents, including leading CEOs, CIOs, CISOs, legal counsel, compliance and risk managers, across diverse sectors of the Australian economy.

In this report, we consider rapidly emerging AI platforms such as generative AI, whose adoption rates reveal both emergent opportunities and potential vulnerabilities for organisations.


The overwhelming majority of surveyed organisations told us that they are only somewhat confident, or are not confident at all, that their organisation is well-prepared to adopt these new technologies – with 44% of respondents telling us that privacy and cyber risks were their most pressing concern in relation to the adoption of AI.”
Paul Kallenbach, MinterEllison Partner

Organisations must balance the need to innovate and grow in the digital economy with their privacy and data security obligations and responsibilities. A key focus in this year's report is on long-awaited regulatory reforms. After many years of consultation, in 2024 we expect to see significant changes to Australia’s privacy and data protection regime, which will transform the way that personal and other information is required to be governed, managed and protected.

Icon block

72% of respondents ranked cyber risk as a 'top 5' priority within their organisation (a 16% increase since 2023)

Icon block

44% of respondents told us that privacy and cyber risks were their most pressing concern in relation to the adoption of AI

Icon block

57% of respondents told us that their third party suppliers or vendors had experienced a cyber attack or data breach in the last 12 months

Icon block

46% of respondents said they were confident their organisation knew what data it stores, where it is stored, what controls protect it, and who has access to it

In our 2022 and 2023 surveys, only 56% of the respondents ranked cyber risk as a ‘top 5’ priority within their organisations. This year, however, 72% of respondents considered cyber risk a ‘top 5’ priority – likely reflecting an escalating apprehension amongst Australian organisations in the aftermath of the large scale and highly publicised data breaches.

Perspectives on Cyber Risk 2024


Over many years of advising on data breaches, we’ve seen first-hand the consequences of underinvesting in cyber security, including financial losses, reputational damage, legal jeopardy, and operational disruption. It is crucial for companies to prioritise cyber security as a strategic investment to protect their assets, customers and overall business interests.”
Shannon Sedgwick, MinterEllison Consulting Partner


How can organisations manage cyber risk?

In Perspectives on Cyber Risk 2024, we examine our survey findings against the backdrop of this rapidly evolving cyber landscape. We offer insights into recent technological developments and regulatory responses, and deliver practical guidance for organisations in preparing for, and mitigating the effects of, high-impact cyber incidents. In this edition, you will also find:

  • an overview of regulatory and policy developments in cyber security;
  • updates on regulator action in response to data breaches and class action updates;
  • a summary of major Australian and international data breaches over the last year; and
  • 10 lessons for best practice cyber response with reference to real data breaches.

Perspectives on Cyber Risk 2024