Frameworks Explained

AESCSF v2 Explained: Domains, Maturity Levels, Security Profiles & Anti-Patterns

A plain-English guide to how the Australian Energy Sector Cyber Security Framework actually works — the 11 domains, the MIL-0 to MIL-3 maturity scale, Security Profiles SP-1/SP-2/SP-3, and the anti-patterns that can quietly cap your result.

5 July 2026  ·  11 min read

Read article

Threat Landscape

Frontier AI Has Rewritten the Attacker's Playbook

The most capable AI models now run multi-stage intrusions, write flawless phishing and clone voices and faces at machine speed — including the first documented AI-orchestrated espionage campaign. What enterprises now face, and why a measured control baseline matters more than ever.

22 June 2026  ·  11 min read

Read article

Regulation & Compliance

The SOCI Enhanced CIRMP Rules Are Now Law

Registered 9 June 2026, the enhanced CIRMP Rules bind nine asset classes — energy, gas, fuel, water, broadcasting, DNS and freight — to enhanced cyber, personnel, supply-chain and physical security. For energy that means AESCSF Security Profile 2, with 12 and 24-month grace periods.

13 June 2026  ·  12 min read

Read article

Enterprise & Export

The CRA's First Hard Deadline: 24-Hour Vulnerability Reporting

Everyone watches December 2027 — but from 11 September 2026 the EU Cyber Resilience Act requires manufacturers to report actively exploited vulnerabilities within 24 hours. What the cascade requires, and where Australian exporters report.

9 June 2026  ·  9 min read

Read article

Enterprise & Export

The EU Cyber Resilience Act

What Australian businesses that sell or export digital products to Europe need to know about the new mandatory cyber security requirements taking effect in 2027.

26 May 2026  ·  10 min read

Read article

Regulation & Compliance

AESCSF SP-2 by June 2028: Why 25 Months Is Not as Much Time as It Sounds

Now law (registered 9 June 2026). The headline change for energy: lift cyber maturity to AESCSF SP-2 across all 11 domains by around mid-2028. Most responsible entities sit at SP-1 today — here is why that jump is the hard part.

12 May 2026  ·  14 min read

Read article

Regulation & Compliance

APRA CPS 234 in 2026: The Six Common Gaps and Why Compliance Is Harder Than It Looks

CPS 234 has been in force since 2019 — but the bar has moved. The tripartite assessment programme has surfaced six common gaps across 300+ regulated entities. FAR has made executive accountability explicit. CPS 230 has added overlapping obligations. Here's where compliance sits now.

28 April 2026  ·  14 min read

Read article

Regulation & Compliance

Hong Kong's PCICSO: What Designated Critical Infrastructure Operators Must Do Now

Hong Kong's Protection of Critical Infrastructures (Computer Systems) Ordinance came into force on 1 January 2026, alongside the Commissioner's Code of Practice. Here's what designated CIOs across the eight covered sectors must do — three obligation categories, supply-chain ripple, penalties up to HK$5 million.

14 April 2026  ·  13 min read

Read article

EU Regulation & Financial Sector

Is Your Organisation Ready for DORA?

DORA is already in force. What financial entities and ICT providers need to know about the EU's Digital Operational Resilience Act — who is in scope, the five pillars, and what to do now.

31 March 2026  ·  10 min read

Read article

Payment Card Security

PCI DSS v4.0.1 in 2026: The 51 Future-Dated Requirements Are Now Mandatory

The transition window has closed. v4.0.1 is the only active version of the standard and the 51 future-dated requirements have been mandatory since 31 March 2025. Here's what changed, what every assessment is now scoring against, and how to verify your environment is current.

17 March 2026  ·  13 min read

Read article

Regulation & Compliance

Cyber Security for Law Firms

What your professional conduct obligations actually require — the confidentiality duty, minimum expectations from Law Societies, trust account risks, and the new ransomware reporting obligation.

17 February 2026  ·  8 min read

Read article

Regulation & Compliance

Cyber Security for Mortgage Brokers

What your ACL, Best Interests Duty, and Privacy Act obligations require — covering client data, aggregator portal risk, settlement fraud, and breach reporting.

3 February 2026  ·  7 min read

Read article

Regulation & Compliance

Cyber Security for Financial Planners

ASIC has now won Federal Court penalties against two AFSL holders for cyber security failures. What financial planners and advice licensees must do to meet their Corporations Act obligations.

20 January 2026  ·  8 min read

Read article

Regulation & Compliance

Australia's Privacy Act Reforms 2024

What changed with the 2024 legislation, which obligations are already in force, and what's coming in the next round of reforms — explained for business owners.

6 January 2026  ·  8 min read

Read article

Regulation & Compliance

Cyber Security for Real Estate Agents

From 1 July 2026, real estate agents become AML/CTF reporting entities for the first time. Settlement fraud is already active. Here's what the combined risk landscape means for your agency's data security and compliance obligations.

23 December 2025  ·  7 min read

Read article

Regulation & Compliance

Cyber Security for Bookkeepers and BAS Agents

Bookkeepers hold TFNs, payroll records, and direct access to client banking environments. The TPB's 2024 Code Determination explicitly requires you to protect that data — and a compromised bookkeeper account can expose every client they manage.

9 December 2025  ·  7 min read

Read article

Framework Guide

The Essential Eight Explained

Australia's most important cyber security baseline — what the eight controls require, what maturity levels mean in practice, and who must comply.

25 November 2025  ·  9 min read

Read article

Regulation & Compliance

Cyber Security for NDIS Providers

Disability services report more data breaches than any other industry in Australia. Here's what your NDIS Commission, Privacy Act, and Cyber Security Act obligations require you to do to protect participant data.

11 November 2025  ·  8 min read

Read article

Regulation & Compliance

Cyber Security for Childcare Providers

NQF digital technology policies are now mandatory, CCTV requirements have changed, and the way your service handles images of children is under regulatory scrutiny. Here's what approved providers need to do.

28 October 2025  ·  7 min read

Read article

Regulation & Compliance

Cyber Security for Accountants and BAS Agents

What the Tax Practitioners Board Code of Conduct requires from accountants and BAS agents — and what evidence you need if something goes wrong.

14 October 2025  ·  7 min read

Read article

Insurance & Due Diligence

Cyber Insurance for Small Business

What insurers are actually asking in applications, which controls they check for, and why claims get denied when the answers don't match reality.

30 September 2025  ·  7 min read

Read article

Cyber Threats & Risk

What Happens If Your Business Gets Hacked?

The real costs of a cyber attack — downtime, legal obligations, and why 1 in 5 small businesses don't recover. What you're required to do if it happens.

16 September 2025  ·  8 min read

Read article

Regulation & Compliance

Cyber Security for GP Clinics and Allied Health

What GP clinics and allied health providers must do to protect patient data under AHPRA's Code of Conduct — and why the small business exemption doesn't apply.

2 September 2025  ·  8 min read

Read article