GIW Federal 2025: Tony Chapman on National Office of Cyber Security - Insights from major cyber incidents and exercises

Tony Chapman—Deputy National Cyber Security Coordinator and First Assistant Secretary at the National Office of Cyber Security (NOCS)—delivers a clear picture of Australia’s rapidly evolving cybersecurity environment. He explains how major incidents like Optus and Medibank exposed the need for a coordinated national response, leading to NOCS’ mandate to prevent, prepare for, respond to, and recover from cyber threats.

Chapman notes that Australia is now one of only eight countries with dedicated cybersecurity legislation. He walks through the new reforms, including protected information-sharing arrangements, upcoming Cyber Incident Review Boards, mandatory reporting of ransomware payments, and security standards for internet-connected devices. As he puts it, “Information shared with us to reduce harm will not be used for regulatory or enforcement action,” emphasising that collaboration—not punishment—is the focus.

The data paints a clear picture:

• 595 data breaches were reported in the second half of last year, with 404 driven by malicious attacks

• 84,700 cybercrime reports—roughly one every six minutes

• The health sector is now the most targeted non-government domain

• $12.5 million lost to cyber espionage in 2023–24

• A major UK breach (Marks & Spencer) costing £300 million, with systems down for up to 10 weeks

Chapman also highlights the shift from encryption-based ransomware to rapid data-theft attacks and the rising efforts of state-based actors. This makes human behaviour one of the most important shields against attacks. As he stresses, “Phishing and ransomware remain significant threats—humans are the first line of defence.”

He closes with the urgency of building a safer digital Australia grounded in partnership, readiness, and resilience:
“Cybersecurity is human security. Cybersecurity is national security. Cybersecurity is national resilience.”