Innovate South Australia 2025 Key Takeaways: Cyber Security & Risk Management

Ministerial Address

Hon. Stephen Mullighan MP, Treasurer, Minister for Police, and Minster for Defence and Space Industries

1. Innovation is crucial for public sector efficiency
   Governments face increasing community demands while managing constrained budgets. Investing in innovation and technology is essential to maintaining service delivery and improving efficiency despite financial limitations.
2. Artificial intelligence as a tool for public sector transformation
   South Australia is actively exploring AI applications in government, balancing opportunities for productivity gains with critical considerations like data sovereignty, privacy, and cybersecurity. AI is seen as a tool to support—not replace—public sector workforces.
3. The Digital Innovation Fund fosters collaboration and procurement improvements
   South Australia’s $200M+ Digital Innovation Fund enables agencies to collectively procure technology solutions, fostering consistency in procurement, enhancing supplier engagement, and building public sector capability to adopt emerging technologies.

Chair Opening

Zoe Thompson, Director of SOC & OT Security, Thales Cyber Solutions

1. Critical infrastructure is a prime target for cyber threats
   Attacks on critical infrastructure, including energy, water, and transport, are increasing, with state-sponsored actors and hacktivists exploiting vulnerabilities. Strengthening cybersecurity practices is essential to safeguarding national security and economic stability.
2. Public-private partnerships are key to cybersecurity resilience
   Collaborative efforts between government and industry are essential for sustainable security. Governments must equip enterprises with advanced defence-grade cybersecurity tools to counter sophisticated threats effectively.
3. The role of cybersecurity in national security and public policy
   Cybersecurity is a fundamental pillar of national security, requiring proactive investment, skills development, and policy leadership. Public sector leaders play a crucial role in ensuring cybersecurity frameworks protect critical infrastructure and essential services.

The 2025 Cyber Security Landscape in SA: Navigating the Year Ahead

Darryn Van Someren, Acting Government Chief Information Security Officer, Department of Treasury and Finance

1. Cybersecurity threats are evolving in complexity and impact
   With increasing geopolitical instability and the rise of sophisticated cyber threats, organisations must prepare for more impactful attacks, including ransomware, data breaches, and disinformation campaigns. Cyber resilience is now a strategic imperative.
2. AI is reshaping both cyber threats and defences
   AI enhances attack sophistication, enabling deep fakes, automated phishing, and advanced cyber intrusions. However, it also strengthens cybersecurity measures through threat detection, automated defences, and anomaly monitoring. Effective risk management is crucial to harness AI safely.
3. Collaboration and vigilance are key to cybersecurity resilience
   A proactive, collective approach is essential to mitigating threats. Organisations must prioritise real-time intelligence sharing, proactive threat hunting, and continuous cybersecurity education to stay ahead of emerging risks.

From Zero Trust to Essential 8: Navigating Australia’s Evolving Cyber Policies to Achieve Government Uplift

Tom Scully, Director and Principal Architect for Public Sector, Palo Alto Networks

1. Zero Trust and Essential Eight are central to Australia's cybersecurity strategy
   Government agencies and critical infrastructure providers must adopt Zero Trust principles and Essential Eight maturity models to strengthen security. However, widespread implementation remains slow, requiring sustained efforts in policy, training, and technology adoption.
2. AI and post-quantum encryption will reshape cybersecurity policies
   The rapid adoption of AI presents both security risks and operational efficiencies. Organisations must balance governance with innovation to prevent data leaks and emerging AI-driven cyber threats. Meanwhile, preparations for post-quantum encryption are critical to safeguarding sensitive data against future quantum computing capabilities.
3. Proactive security requires continuous adaptation and collaboration
   Cybersecurity is evolving rapidly, with geopolitical tensions, supply chain risks, and regulatory changes demanding a proactive approach. Organisations must invest in modern cybersecurity architectures, enhance workforce literacy, and collaborate with government and industry to stay ahead of emerging threats.

Securing Government: Keeping Pace with the Increased Scale, Complexity, Impact and Disruption of Evolving Threats

Alistair Coombe, Acting Deputy Director, Cyber Threat Intelligence and Incident Management, Department of Treasury and Finance
Alex Duffy, Cyber Risk and IT Resilience Manager, SA Power Networks
James Calder, Managing Director, National Lead, Cyber & Tech Risk, Scyne Advisory

1. Cybersecurity resilience requires a whole-of-government approach
   Governments are moving toward integrated cybersecurity operating models, emphasising collaboration across agencies and states. Shared services, centralised threat intelligence, and joint crisis response frameworks are essential for improving cyber resilience at scale.
2. Proactive crisis preparedness is critical to mitigating cyber threats
   Cyber incidents, particularly ransomware attacks and critical infrastructure breaches, demand real-time coordination between government and industry. Regular cybersecurity exercises, clear incident response plans, and continuous investment in crisis preparedness can significantly reduce disruption and response times.
3. Data protection and digital identity reforms are necessary for stronger cybersecurity
   Growing cyber threats highlight the need for improved data governance and identity security. Stronger policies—such as GDPR-style data retention laws and the Digital Identity Act—can help mitigate data breaches, ensure better control of sensitive information, and enhance national cybersecurity resilience.

Activating Key Strategies to Bolster Cyber Awareness, Safety and Resilience

Christian Ruckert, Detective Inspector, Financial and Cybercrime Investigation Section, SA Police
Clayton Fopp, Director, Fusion Cells, National Anti-Scam Centre, Australian Competition and Consumer Commission
Jane Standish, Director – Digital Government Lead, CyberCX

1. Strengthening Scam Prevention through Cross-Sector Collaboration
   The newly introduced Scams Prevention Framework mandates greater accountability for banks, digital platforms, and telcos in tackling scams. By enforcing regulatory compliance, sharing actionable intelligence, and strengthening enforcement, this framework aims to reduce financial and emotional harm caused by scams. National coordination among law enforcement, industry, and government is key to effectively disrupting fraudulent activities.
2. Enhancing Public Awareness and Digital Hygiene
   Cybercrime is evolving, with scams targeting both individuals and businesses through phishing, business email compromise, and investment fraud. Proactive education, robust cybersecurity practices (such as MFA and password management), and widespread scam awareness campaigns are essential in protecting Australians from financial and emotional losses. Strengthening early education in schools and digital literacy programs will help future generations navigate online threats more safely.
3. The Role of AI and Future Cybersecurity Challenges
   While AI has the potential to aid in scam detection and threat analysis, its misuse in scams—through deep fakes and social engineering—poses new challenges. AI-driven scam prevention tools, when paired with human oversight and governance frameworks, can improve fraud detection and reduce risks. Ongoing investment in cyber resilience and international law enforcement cooperation will be critical to mitigating the growing sophistication of cyber-enabled crimes.

Making Cyber Security Everyone’s Business: Building Cyber Security Culture, Awareness and Training

Emily Wingard, Manager, Cyber Capability and Engagement, OCIO, Department of Treasury and Finance
Emily Callander, Cyber Business Partner, People First Bank
Peter Crescitelli, Director, Cyber Security, Department for Education
Erin Harriott, Director, Cyber Intelligence and Assurance, Parliament House

1. Cyber awareness is a frontline defence against scams and attacks
   Cyber security training is critical for preventing scams, especially in sectors like finance, where frontline staff interact directly with customers. Raising awareness about social engineering, phishing, and emerging cyber threats empowers individuals to recognise and prevent fraudulent activities before they escalate.
2. Tailored, real-world training improves engagement and effectiveness
   Cyber awareness programs must be customised to different roles, responsibilities, and threat landscapes. Using localised examples, industry-specific risks, and interactive exercises—such as phishing simulations, escape rooms, and leadership-focused cyber drills—ensures training is relevant and impactful.
3. Building a security-first culture requires leadership buy-in and continuous education
   Senior leadership and public sector executives must actively participate in cyber awareness programs to reinforce their importance. Regular, intelligence-driven training, cross-agency collaboration, and community-driven education programs help normalise cyber security best practices across all levels of government and industry.

Powering the Growth, Maturity and Sustainability of South Australia’s Cyber Ecosystem: Supporting a Vibrant Cyber Economy

1. South Australia’s cyber ecosystem is a critical national security and economic asset
   With over 56 cyber-related technology companies contributing $6 billion to the local economy, South Australia is a key player in Australia’s cyber and defence landscape. The state's strategic importance will grow further with AUKUS initiatives, making it a prime target for foreign intelligence collection and increasing the need for advanced cyber defences.
2. Strengthening cyber resilience requires global engagement and workforce expansion
   The increasing frequency of cyber incidents, including undersea cable disruptions, highlights the importance of cyber diplomacy and international collaboration. Addressing the cyber skills shortage—projected to reach 30,000 unfilled positions in Australia by 2026—will require expanding training pipelines, professionalising the industry, and leveraging skilled migration to attract global talent.
3. AI and emerging technologies offer both opportunities and risks
   AI is rapidly transforming cybersecurity by improving threat detection and operational efficiency. However, the eagerness to adopt AI in government and business often outpaces readiness, with gaps in governance and security oversight. Organisations must establish robust AI governance frameworks to mitigate risks while harnessing AI’s potential for cyber defence, workforce enablement, and economic growth.