Cybersecurity starts with employees
It’s no longer a question of if your business will face a cyber attack, but when. With cybercriminals growing more sophisticated and emboldened, we need to stop thinking of cybersecurity as a purely technical challenge and start seeing it as a human one.
New statistics from the Office of the Australian Information Commissioner (OAIC) show a total of 1113 notified data breaches in 2024, a 25% increase from 893 notifications in 2023. At the same time, cybercrime is constantly evolving to become more sophisticated, especially with the rise of AI.
So, how can businesses keep pace in an environment where threats are evolving faster than defences?
AI, the double-edged sword
While AI is revolutionising business operations, it has also reshaped the cyberthreat landscape in ways many aren’t prepared for. According to SoSafe’s Cybercrime trends report, 96% of Aussie businesses have encountered AI-assisted or -driven cyber attacks in the last year. This is the highest rate among the nine countries surveyed, including the UK, France, Germany and others.
What once took hours of human effort, crafting a convincing phishing email, cloning a voice or scraping personal data, now takes seconds with the right tools. Cybercriminals are using AI to scale, personalise and automate attacks in ways that overwhelm even well-defended organisations. They are also attacking through more channels: 98% of businesses in Australia have seen an increase in multi-channel attacks in the last year, as cybercriminals combine email, messaging apps, social media and deepfake voice calls.
Yet, while AI has undeniably become a powerful tool for threat actors, it also offers enormous potential as a defensive ally. When used effectively, AI can help cybersecurity teams identify anomalies and surface threats in real time and automate response workflows, effectively reducing the window between detection and action. From predictive threat modelling to behavioural analytics, AI is already being used to strengthen cyber resilience across organisations.
Still, nearly half (48%) of surveyed businesses report lacking the tools and preparedness to counter these AI-driven threats. This growing gap between rapidly evolving attack tactics and existing defences is putting Australian businesses, especially small and mid-sized ones, at heightened risk.
As cybercriminals continue to exploit these gaps, cybersecurity can no longer be seen as a siloed technical function. It must be a shared responsibility, one that combines smart tools, empowered people and continuous vigilance.
The importance of humans in cybersecurity
With cyber breaches becoming increasingly sophisticated and complex, every employee is a potential target and should be a crucial part of the defence strategy.
This means shifting from compliance-based training to more immersive, real-world education. Tools like simulated phishing exercises, gamified learning and scenario-based training build muscle memory, not just awareness. They help employees recognise suspicious activity, report it quickly, and respond effectively.
Organisations that regularly train their teams on social engineering tactics and cybersecurity hygiene see measurable reductions in successful attacks. More importantly, they foster a culture where security is embedded in daily decision-making, not treated as an afterthought.
Equipping employees to handle cyberthreats requires more than a one-time training session. It calls for consistent, ongoing education that keeps pace with an evolving threat landscape. Regular training helps staff build the skills and confidence needed to spot risks and respond appropriately when a cyber attack occurs.
Giving employees the opportunity to experience realistic simulated scenarios, such as receiving a fraudulent invoice or a suspicious login request, lets them practise responding in a safe environment. This hands-on approach not only reinforces smart habits but also makes training more appealing, which ultimately empowers employees to act as a strong first line of defence.
As the cyberthreat landscape continues to evolve rapidly, the gap between technical defences and human awareness continues to grow. For Australian businesses, bridging that gap is no longer optional.
By prioritising continuous, human-centric cybersecurity education and creating a culture of shared responsibility, businesses can turn their workforce into their strongest line of defence. The future of cybersecurity isn’t just smarter tools, it’s smarter teams.