March 2026
The cyber and data security landscape continues to evolve at pace. It can be challenging to keep up, so we have collated our “top 10” his month, top 12) cyber stories from the last month, so you don’t have to.
News from HSF Kramer
My data is ‘already out there’: HSF Kramer survey finds cyber data breach fatigue rife amongst Australians, public split on paying ransoms
A new survey by HSF Kramer suggests Australians are becoming increasingly fatigued by data breaches, with many feeling their personal information is “already out there”. The research found more than half of Australians experienced a data breach in the past year, yet only around half said they would immediately take recommended steps to protect themselves. The survey also revealed a split in attitudes toward paying ransoms, alongside growing resignation that breaches are an unavoidable part of modern life – a trend experts warn could make both individuals and organisations more vulnerable to cybercrime.
You can read our article, and download the survey here.
Webinar Recap: The Cyber Simulation – Move from Plan to Planning
On the 12th of March, HSF Kramer hosted a webinar featuring representatives from the Australian Signals Directorate (ASD), the National Office of Cyber Security (NOCS) and the Australian Federal Police (AFP) in relation to cyber incidents. Topics discussed varied from the AFP's role in limiting the proliferation of data in a cyber breach to the importance of cross-sector simulations.
Cyber Top 10
1 | Conducted by Dr Jill Slay AM, an independent review into the SOCI Act recently took place, with the stated aim of reshaping the legislation so it does not require continual amendment in response to “emerging technological change or geopolitical threat.” The review found that the current compliance‑focused framework has largely resulted in administrative documentation rather than demonstrable improvements in security outcomes, contributing to a perception that the Act is “toothless.” To address this, the review recommended a shift toward a penalty-based risk management regime, supported by meaningful enforcement mechanisms. Read more here and here. “In some respects, it pains me to see some of the blunt commentary in the Independent Review. I know the regime needs work, but I also acknowledge and appreciate the enormous amount of work that went into the cyber reforms in very short space of time. The Government Agencies involved and thought leaders, did the best they could in my view.”CAMERON WHITTFIELD |
2 | The White House has released President Trump’s Cyber Strategy for America, setting out plans to make the US “unrivalled” in cyber security. The strategy focuses on six areas, including securing government networks and critical infrastructure, strengthening regulation, and building cyber skills. Trump says "our cyber tools and operators are the best in the world – and we are empowering them to defend America by disrupting and disorienting our adversaries, and denying them a safe haven." Read more here. |
3 | In a third Anthropic‑related development, the Australian Government has reported that it has engaged with the company over potential cybersecurity risks associated with the Mythos model. Officials have reported concerns about the model’s ability to uncover “thousands” of vulnerabilities in operating systems and web browsers, prompting close coordination with software providers. Read more here. |
4 | Reporting has revealed that at least 94 Australian organisations admitted to paying ransomware demands over a 12-month period (ending February). While some payments came from major enterprises, the data shows small and mid‑sized organisations are also choosing to pay to restore systems or prevent data leaks, often due to limited resilience or backups. Authorities warn the disclosed figures likely understate the true scale of payments, as smaller businesses are not subject to the same reporting rules. Read more here. |
5 | Australia’s new mandatory cyber security rules for consumer smart devices have commenced, setting minimum security standards for everyday connected products like routers, cameras and smart home devices. The rules ban universal default passwords, require manufacturers to explain how vulnerabilities can be reported, and force them to be upfront about how long devices will receive security updates. The changes mark a shift toward building basic security into consumer tech by default, rather than relying on voluntary best practice. Read more here. |
6 | Iran-linked hackers have claimed they’ve breached the personal email account of an FBI Director, leaking photos and old documents online. The group behind the attack is believed to be tied to Iran’s intelligence services and framed the hack as retaliation for recent US domain seizures. The FBI confirmed the account was targeted but stressed the material was historical and did not include government or classified information. Read more here. |
7 | The ACSC has warned that the INC Ransom group and its affiliate network are actively targeting organisations across Australia, New Zealand and the Pacific. Authorities say the ransomware‑as‑a‑service model allows affiliates to rapidly scale attacks, often exploiting compromised credentials and unpatched systems, and have urged organisations to strengthen patching and detection measures. Read more here. |
8 | Australia’s Parliament House hosted the second annual Women in Cyber Security Summit this month, bringing together leaders from government and industry to talk about improving diversity across the cyber workforce. With women making up just 17% of the sector, speakers agreed that lifting female representation should be a strategic priority for the industry. Read more here and here. |
9 | The Australian National Anti-Scam Centre’s latest Targeting Scams report says that losses hit $2.18 billion in 2025 despite overall scam reports levelling off. According to the report, investment scams caused the biggest financial hit, followed by payment redirection, romance, phishing and remote‑access scams. While losses are down from their 2022 peak, the report warns that scams are becoming more industrialised and increasingly powered by AI. Read more here. |
10 | New research from the Capgemini Research Institute suggests banks are struggling to scale AI because so much of their IT spend is still tied up in maintaining legacy systems. While investment in AI is increasing, ageing core technology is holding many projects back at pilot stage, raising concerns that banks could see slower innovation and weaker returns from their AI spend. Read more here and here. |
11 | The Australian government has started providing guidance to organisations that they should prioritise protecting their IT environments against a future Cryptographically Relevant Quantum Computer, even if such machines do not exist yet. Armed with machines, future attackers will be able to skip the time-consuming phishing and hacking tactics that are common today and simply brute force their way into sensitive systems. Read more here. |
12 | A North Korean national has been exposed after attempting to gain employment with an Australian business during a remote job interview. DTEX, a security intelligence firm, has confirmed that the individual was intending to distribute their wages to the Democratic People’s Republic of Korea to subsidise the country’s weapons programs, which are restrained by global sanction regimes. DTEX’s President believes that better identity verification and stronger screening are necessary before these operatives are hired. Read more here. |
Cameron Whittfield
Partner, Melbourne
Peter Jones
Partner, Head of TMT, Asia, Singapore
Christine Wong
Partner, Sydney
Merryn Quayle
Managing Partner, Melbourne Office, Melbourne
Emily Coghlan
Partner, Melbourne
Magdalena Blanch-de Wilt
Executive Counsel, Melbourne
Kaman Tsoi
Special Counsel, Melbourne
Heather Kelly
Senior Associate, Melbourne
Key contacts
Cameron Whittfield
Partner, Melbourne
Peter Jones
Partner, Head of TMT, Asia, Singapore
Christine Wong
Partner, Sydney
Merryn Quayle
Managing Partner, Melbourne Office, Melbourne
Emily Coghlan
Partner, Melbourne
Magdalena Blanch-de Wilt
Executive Counsel, Melbourne
Kaman Tsoi
Special Counsel, Melbourne
Heather Kelly
Senior Associate, Melbourne
Rebecca Gill
Senior Associate, Melbourne
Caitlyn Bellis
Solicitor, Sydney
Brooke Crenfeldt
Solicitor, Sydney
Annabelle L’Estrange
Solicitor, Sydney
Disclaimer
The articles published on this website, current at the dates of publication set out above, are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action.