Tag: Strategy

Securing the Future: Innovative Cybersecurity for Agentic AI by Shantanu Bhattacharya

Agentic AI is when autonomous AI agents make decisions and execute tasks. It’s poised to revolutionize industries. But with this power comes new cybersecurity challenges. This blog explores the deployment architectures of agentic AI solutions and identifies key attack vectors, offering a glimpse into innovative 

Cyber (In)Securities – Issue 133

Information Security News

Microsoft: New RAT Malware Used for Crypto Theft, Reconnaissance

BleepingComputer by Sergiu Gatlan
Microsoft has identified a new form of RAT (Remote Access Trojan) malware that is being used for cryptocurrency theft and detailed reconnaissance of infected systems. This sophisticated malware targets digital 

Fostering Australia’s Autonomy: The Imperative for Sovereign Satellite Communication Systems

Inspired by recent movements in Europe, where tech giants like Airbus have advocated for a sovereign fund to support local technology sectors, this article explores Australia’s strategic need to develop sovereign satellite communication systems. As digital connectivity becomes increasingly crucial, the time to fortify our independence and security is now.

The Strategic Need for Sovereign Capabilities

Historical precedents and contemporary movements highlight the risks of depending on foreign technology. The initiative by European tech firms to establish a sovereign fund to support their local industries serves as a compelling example of proactive steps taken to safeguard regional interests and reduce dependency on non-European technologies.

Similarly, developing sovereign satellite communication systems ensures that Australia retains control over its digital destiny, preventing any entity from having disproportionate power over our national infrastructure.

Economic and Cybersecurity Advantages

Investing in sovereign satellite systems not only strengthens national security but also stimulates economic growth. This initiative would create high-skilled jobs, encourage local research and development, and lead to the creation of new technologies.

Enhanced cybersecurity measures within these systems mean that Australia can implement robust security protocols and respond more swiftly to cyber threats, safeguarding the integrity and privacy of information.

What Happens If the Cord Is Cut?

The scenario where international tensions lead to a sudden ‘cut-off’ of satellite services managed by foreign corporations could particularly cripple Australian businesses in less wired areas. While most of Australia’s internet traffic is transmitted via fibre optic cables, which predominantly cover urban areas, satellite communications are crucial for ensuring connectivity in rural and remote regions.

Disruptions in these satellite services could lead to significant communication and transaction challenges in these less connected areas. Moreover, if these fibre optic cables were to be cut—whether through sabotage or other disruptions—the effects could be catastrophic, spreading even to major cities.

Such a scenario would not only lead to significant economic losses but also destabilise the entire business landscape, underscoring the critical need for robust and diversified communication infrastructure.

Policy Recommendations and Economic Incentives

Taking cues from the European call for a sovereign fund, Australia could explore similar financial structures to support the development of its satellite technologies.

Government initiatives might include grants for R&D, tax incentives for local production, and educational programs to nurture expertise in satellite technology and cybersecurity.

Learning from Global Counterparts

The success stories of countries like Canada and France in developing their satellite capabilities offer valuable lessons. These nations have balanced public-private partnerships and regulatory frameworks to encourage innovation while protecting national interests—approaches that could be adapted to benefit Australia.

In Canada, companies like MDA (MacDonald, Dettwiler and Associates) and Telesat have been instrumental in advancing satellite communication technologies. MDA has developed critical infrastructure such as the RADARSAT series, while Telesat operates a fleet of satellites that enhance broadband connectivity and mobile communications across vast distances.

France’s strategy includes significant contributions from firms like Thales Alenia Space, which designs and builds satellites for a variety of functions including telecommunications and Earth observation. Airbus Defence and Space plays a crucial role in the manufacture of advanced satellite systems for both military and commercial uses. Additionally, Eutelsat, as the owner of the London-based OneWeb, exemplifies the strategic importance of maintaining control over satellite communications to ensure national sovereignty.

These examples underscore the benefits of nurturing domestic industries and maintaining control over critical communications infrastructure, providing a roadmap for Australia to enhance its digital sovereignty and secure its satellite communication capabilities.

Cybersecurity at the Core

Designing sovereign satellite systems with cybersecurity at their core ensures resilience against evolving cyber threats. This proactive approach not only protects Australia’s data but also strengthens global confidence in our digital infrastructure.

Conclusion

The necessity for sovereign satellite communication capabilities extends far beyond the realm of technology—it is a strategic imperative vital for ensuring Australia’s long-term security, autonomy, and economic prosperity. As we observe our European counterparts taking decisive steps by advocating for sovereign funds to bolster local tech industries, it becomes clear that Australia must also take bold action.

We must not only support but actively invest in developing and securing our satellite communication infrastructure. This commitment should manifest in increased government funding for space technology research and development, incentives for businesses investing in this sector, and the establishment of robust policies that prioritize national over foreign interests in critical communications infrastructure.

Let us unite—policymakers, industry leaders, and the technology community—to forge a path toward digital independence. By doing so, we will secure a future where Australia remains resilient and competitive in the global digital economy. It’s time for decisive action to protect and advance our national interests. Let’s champion the creation of a sovereign and secure digital landscape for generations to come.


About the Author:

Kim Chandler McDonald is the Co-Founder and CEO of 3 Steps Data, driving data/digital governance solutions. She is the Global VP of CyAN, an award-winning author, storyteller, and advocate for cybersecurity, digital sovereignty, compliance, governance, and end-user empowerment.

Cyber (In)Securities – Issue 132

Information Security News

Elon Musk’s Starlink Could Be Used to Transmit Australian Election Voting Results

The Guardian by Josh Taylor
The Guardian reports that Elon Musk’s satellite internet service, Starlink, is being considered as a potential method to transmit voting results in Australian elections. This proposal 

Cyber (In)Securities – Issue 131

Information Security News

EU Looks to Tech Sovereignty with EuroStack Amid Trade War

Biometric Update by Masha Borak
The European Union is making significant strides towards tech sovereignty with the development of EuroStack, a comprehensive technology initiative aimed at reducing dependence on foreign tech giants amid 

Cyber (In)Securities – Issue 130

Information Security News

House Passes Bill Requiring Federal Contractors to Implement Vulnerability Disclosure Policies

SecurityWeek by Eduard Kovacs
The U.S. House of Representatives has recently passed a bill that mandates federal contractors to establish vulnerability disclosure policies. This legislative move aims to strengthen the security of federal digital assets by ensuring that vulnerabilities are systematically reported and addressed. The bill stipulates clear guidelines for contractors on how to manage and respond to reported vulnerabilities effectively.
This initiative underscores the government’s commitment to bolstering national cybersecurity infrastructure and fostering a more secure cyber environment for public and private sector collaborations.

Ethereum Private Key Stealer on PyPI Downloaded Over 1,000 Times

BleepingComputer by Bill Toulas
A malicious package designed to steal Ethereum private keys was recently discovered on the Python Package Index (PyPI), downloaded over 1,000 times before its removal. This deceptive package, masquerading as a legitimate tool, underscores the growing threat in software supply chains where attackers exploit trust to distribute malware.
The incident highlights the critical need for developers and users to exercise heightened vigilance when integrating third-party code, emphasizing the importance of verifying sources and maintaining rigorous security protocols to safeguard sensitive cryptocurrency assets.

Women Faced the Brunt of Cybersecurity Cutbacks in 2024

Dark Reading by Kristina Beek
In 2024, the cybersecurity industry witnessed significant cutbacks that disproportionately impacted women, exacerbating existing gender disparities in tech roles. These reductions not only led to fewer women in cybersecurity positions but also stalled efforts toward achieving diversity and inclusivity within the sector.
The situation calls for urgent implementation of supportive measures and policies aimed at recruiting, retaining, and advancing women in technology, particularly in cybersecurity fields. Enhancing gender diversity is not just a matter of equity; it enriches problem-solving and strengthens the overall resilience of cybersecurity defenses, making it imperative for the industry to address these challenges proactively.

Malicious Chrome Extensions Can Spoof Password Managers in New Attack

BleepingComputer by Bill Toulas
Recent reports have identified a new type of cyber attack involving malicious Chrome extensions that can impersonate legitimate password managers. These deceptive extensions are capable of stealing login credentials by tricking users into inputting their information, believing they are using their trusted password management tools.
This emerging threat highlights the necessity for users to scrutinize browser extensions carefully before installation and emphasizes the importance of sourcing extensions from reputable developers only. It also calls for enhanced security measures by browser and extension marketplaces to prevent such malicious activities.

BadBox Botnet Powered by 1 Million Android Devices Disrupted

SecurityWeek by Ionut Arghire
The BadBox botnet, which harnessed the power of over 1 million compromised Android devices, has recently been disrupted. This vast network was used for large-scale DDoS attacks and other malicious activities, posing significant threats to online security.
The disruption marks a significant victory for cybersecurity teams, highlighting the effectiveness of coordinated efforts in combating such extensive cyber threats. It also underscores the ongoing need for robust mobile device security measures and public awareness about the risks of downloading unverified applications, which often serve as entry points for malware.

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access

The Hacker News by Ravie Lakshmanan
More than 1,000 WordPress sites have been compromised with JavaScript backdoors, allowing attackers persistent and covert access. This widespread issue highlights a significant vulnerability in website security, particularly affecting sites with outdated plugins or weak admin credentials.
The malicious JavaScript enables cybercriminals to manipulate site content, steal data directly from users, and potentially leverage the sites for further attacks. This situation calls for immediate action from site administrators to update and secure their systems, implement stringent security measures such as regular audits, and educate users on the importance of strong password policies and regular updates to prevent future breaches.

Ransomware Attacks Build Against Saudi Construction Firm

Dark Reading Global by Robert Lemos
A Saudi construction firm is currently under siege from a series of escalating ransomware attacks, highlighting a significant vulnerability within the infrastructure sector. These attacks not only threaten the operational continuity and data integrity of the firm but also expose potential security lapses in industry-wide cybersecurity practices.
The situation underscores the critical need for robust cybersecurity measures, including regular system updates, comprehensive employee training, and advanced threat detection mechanisms. It also calls for a collaborative approach to cybersecurity, with increased sharing of threat intelligence and best practices within the sector to mitigate future risks.

Espionage Actor ‘Lotus Blossom’ Targets Southeast Asia

Dark Reading by Alexander Culafi
The espionage group known as ‘Lotus Blossom’ continues to intensify its cyber espionage efforts across Southeast Asia. Leveraging sophisticated tactics, the group targets government and military sectors to gather sensitive information that could influence regional security dynamics.
This persistent threat underscores the critical need for heightened cybersecurity measures within these sectors. Enhanced vigilance, advanced threat detection systems, and continuous cybersecurity training are imperative to defend against such state-sponsored activities and to safeguard national security interests in the region.

SandboxAQ Joins UN AI Hub to Bolster Cybersecurity and Drive AI Innovation

IT Security Guru
SandboxAQ has partnered with the UN AI Hub to enhance global cybersecurity measures and foster innovation in artificial intelligence. This collaboration aims to leverage SandboxAQ’s expertise in quantum computing and AI to develop solutions that address critical security challenges faced by nations worldwide.
By integrating advanced AI technologies, the partnership seeks to create more resilient cybersecurity infrastructures and drive technological advancements that benefit global security and governance. This initiative not only highlights the potential of AI in enhancing cybersecurity but also emphasizes the importance of international cooperation in tackling complex digital threats.

US Indicts 12 Chinese Nationals for Vast Espionage Attack Spree

Cyberscoop by Matt Kapko
The United States has indicted 12 Chinese nationals in connection with a comprehensive espionage operation targeting sensitive U.S. industrial and technological sectors. This sweeping indictment underscores the ongoing geopolitical tensions and the extensive nature of state-sponsored cyber espionage activities.
The accused are alleged to have conducted sophisticated cyber operations to steal trade secrets and critical data, compromising national security and the competitive edge of U.S. businesses. The case highlights the critical need for robust cyber defences and international collaboration to combat these high-stakes threats.

Open-Source Tool ‘Rayhunter’ Helps Users Detect Stingray Attacks

BleepingComputer by Bill Toulas
Rayhunter, an innovative open-source tool, has been developed to empower individuals and organizations to detect Stingray attacks—covert surveillance methods that intercept mobile phone communications. This tool is particularly crucial in protecting privacy rights as it enables users to identify and mitigate unauthorized cell tower simulators used for eavesdropping.
Rayhunter’s availability underscores the importance of community-driven solutions in enhancing digital privacy and security. It represents a significant step forward in the fight against intrusive surveillance technologies, offering a proactive approach to safeguard personal communications.

Major Ransomware Attack Sees Tata Technologies Hit – 1.4TB Dataset with Over 730,000 Files Allegedly Stolen

TechRadar by Ellen Jennings-Trace
Tata Technologies has been severely impacted by a major ransomware attack, resulting in the theft of approximately 1.4 terabytes of data, encompassing over 730,000 files. This significant security breach underscores the escalating threat landscape that corporations worldwide are facing.
The attack not only highlights the need for stringent cybersecurity measures but also puts a spotlight on the vulnerabilities that can be exploited in critical business infrastructures. The incident calls for an urgent review and reinforcement of digital defenses to prevent future occurrences and protect sensitive corporate information.

VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches

The Hacker News by Ravie Lakshmanan
Recent discoveries have revealed significant security vulnerabilities in VMware products, which have been actively exploited in the wild. These flaws could allow attackers to execute code remotely and escape from secured environments, posing severe risks to enterprises relying on VMware for their virtual infrastructure.
In response, Broadcom has swiftly released urgent patches to address these vulnerabilities. Organizations are urged to apply these security updates immediately to protect their systems from potential breaches and maintain the integrity of their operational environments. This incident highlights the ongoing need for vigilance and prompt action in the face of emerging cybersecurity threats.

Threat Actor ‘JavaGhost’ Targets AWS Environments in Phishing Scheme

Dark Reading by Alexander Culafi
The ‘JavaGhost’ threat actor is currently targeting AWS environments through a sophisticated phishing scheme designed to compromise enterprise cloud infrastructures. By exploiting vulnerabilities in AWS configurations, JavaGhost has been able to execute phishing attacks that deceive users into revealing their credentials.
This campaign underscores the importance of stringent cloud security practices, including regular audits and employee training to recognize phishing attempts. Organizations using AWS must enhance their vigilance and deploy multi-layered security measures to prevent such breaches and protect their critical cloud assets.

Congress Eyes Bigger Cyber Role for NTIA Amid Telecom Attacks

Cyberscoop by Matt Bracken
In response to increasing cyber attacks targeting the telecommunications sector, Congress is considering legislation to expand the cyber responsibilities of the National Telecommunications and Information Administration (NTIA). This move aims to bolster the United States’ defenses against sophisticated cyber threats that disrupt essential communication services.
By enhancing the NTIA’s capabilities, lawmakers hope to improve coordination across federal agencies and strengthen the resilience of critical infrastructure. The proposed changes underscore the urgency of adapting governmental cyber strategies to meet the evolving landscape of digital threats.

Cisco Warns of Webex for BroadWorks Flaw Exposing Credentials

BleepingComputer by Sergiu Gatlan
Cisco has issued a warning about a critical flaw in Webex for BroadWorks that could expose user credentials, posing a significant security risk. This vulnerability allows unauthorized access to sensitive information, potentially enabling attackers to intercept and manipulate communications.
Cisco has recommended immediate updates and has provided patches to mitigate this vulnerability. This incident highlights the continuous need for vigilance and prompt software updates in safeguarding communication tools from emerging cyber threats. Organizations are urged to apply these patches without delay to protect their data and maintain the integrity of their communication channels.

Microsoft Teams Tactics, Malware Connect Black Basta, Cactus Ransomware

BleepingComputer by Lawrence Abrams
Recent analysis has revealed that cybercriminals employing Black Basta and Cactus ransomware are leveraging Microsoft Teams as a vector for their attacks. These groups use malicious tactics, such as embedding malware within seemingly legitimate communications, to exploit the popular collaboration platform.
The use of Microsoft Teams enables these attackers to bypass traditional security measures and gain unauthorized access to corporate networks. This development calls for organizations to enhance their security protocols concerning communication tools and educate employees about the risks of malware in everyday applications, ensuring robust defenses against these sophisticated cyber threats.

New Polyglot Malware Hits Aviation, Satellite Communication Firms

BleepingComputer by Bill Toulas
A sophisticated new form of polyglot malware has been identified targeting aviation and satellite communication firms, posing significant security challenges. This malware uniquely blends multiple functionalities, allowing it to act both as a data stealer and a disruptor of communication systems.
The attacks highlight vulnerabilities within critical infrastructure sectors and underscore the urgent need for enhanced cybersecurity measures. Firms in these industries are advised to conduct thorough security audits, update their systems regularly, and train staff to recognize signs of malicious activities to safeguard against such advanced threats.

3 VMware Zero-Day Bugs Allow Sandbox Escape

Dark Reading by Jai Vijayan
Three critical zero-day vulnerabilities have been discovered in VMware software, allowing attackers to escape from virtualized environments and execute code on the host machine. These vulnerabilities pose severe risks to enterprises relying on VMware for virtualization, as they could lead to full system compromise if exploited.
VMware has responded by releasing urgent patches to address these security flaws. Organizations are strongly advised to apply these updates immediately to protect their systems from potential attacks. This incident highlights the ongoing need for proactive security practices and rapid response to emerging threats in virtualization technology.

Hunters International Ransomware Claims Attack on Tata Technologies

BleepingComputer by Bill Toulas
Tata Technologies recently fell victim to a significant ransomware attack by Hunters International, resulting in the theft of over 1.4 terabytes of sensitive data, including more than 730,000 files. This breach underscores the growing threat of ransomware attacks targeting major corporations, highlighting the potential for substantial operational disruption and financial loss.
In response to the attack, Tata Technologies is taking robust measures to bolster their cybersecurity defences and mitigate the impact of the breach. This incident serves as a critical reminder for all companies to enhance their data protection strategies and prepare for the possibility of similar cyber threats.

More than 86K IoT Devices Compromised by Fast-Growing Eleven11 Botnet

Cybersecurity Dive by David Jones
The Eleven11 botnet, a rapidly expanding network, has compromised over 86,000 IoT devices worldwide, demonstrating the increasing vulnerabilities in connected technology. This botnet exploits weak default passwords and unpatched security flaws to control devices, using them for large-scale DDoS attacks and other malicious activities.
The widespread impact underscores the critical importance of securing IoT devices with strong, unique passwords and regular firmware updates. It highlights the necessity for manufacturers and users to implement more rigorous security measures to prevent such infiltrations and protect the integrity of IoT ecosystems.

Polish Space Agency Hit by Cyberattack

SecurityWeek by Ionut Arghire
The Polish Space Agency recently experienced a significant cyberattack, highlighting vulnerabilities in national security and space exploration sectors. This breach compromised sensitive data, potentially affecting critical operations and international collaborations.
The incident emphasizes the urgent need for enhanced cybersecurity protocols and systems within agencies involved in space technology and research. It also calls for increased cooperation among international partners to bolster defenses against such sophisticated threats, ensuring the protection of vital infrastructure and information in the expanding arena of space exploration.

Big Tech Opposes YouTube Exemption from Australia’s Social Media Ban

itNews by Renju Jose
Major technology companies are challenging an exemption that would allow YouTube to operate under Australia’s proposed social media ban, citing concerns over fairness and regulatory consistency. The ban, aimed at protecting users from harmful online content, has sparked debate among tech giants, who argue that all platforms should be held to the same standards.
This opposition highlights the complexities of regulating digital platforms while ensuring competitive equity. It underscores the need for clear, equitable regulations that balance user safety with fair market practices, crucial for maintaining a healthy digital ecosystem.

ANALYSIS

Cybersecurity’s Future Is All About Governance, Not More Tools

Dark Reading by Shirley Salzman
Shirley Salzman, writing for Dark Reading, argues that the future of cybersecurity isn’t about hoarding tools but about mastering governance. While technology plays a role, true resilience comes from strong policies, risk management, and compliance frameworks that align security strategies with business objectives.
Salzman emphasizes that prioritizing governance over endless tool acquisition strengthens operational resilience, mitigates risks proactively, and ensures organizations can adapt to evolving threats. By embedding governance into cybersecurity, businesses create a security posture that’s not just reactive but strategic, scalable, and built for long-term digital defense.

Identity: The New Cybersecurity Battleground

The Hacker News
The Hacker News staff highlights identity as the new battleground in cybersecurity, with attackers shifting from exploiting system vulnerabilities to targeting user credentials. Protecting digital identities now requires more than just passwords—it demands multi-factor authentication, continuous monitoring, and behavioural analytics to detect and block unauthorized access.
As identity theft and credential-based attacks grow more sophisticated, organizations must prioritize advanced identity protection measures to safeguard individuals and digital infrastructure from evolving cyber threats.

Enterprise AI Through a Data Security Lens: Balancing Productivity With Safety

Dark Reading by Adam Strange
Writing for Dark Reading, Adam Strange emphasizes that as AI continues reshaping business operations, balancing productivity with stringent data security is critical. Organizations must embed security-first principles into AI deployments, ensuring sensitive information is protected from misuse or breaches.
Strong data governance, encryption, and access controls are essential to maintaining trust in AI-driven environments. Strange argues that without prioritizing security alongside innovation, businesses risk compromising both regulatory compliance and long-term growth in an AI-powered corporate landscape.

Tech Companies’ Proposed New Safety Codes Won’t Protect All Kids Online

InnovationAus by Toby Murray
Toby Murray of InnovationAus critiques tech companies’ proposed safety codes, arguing they fail to offer comprehensive protection for all children online. While these measures represent progress, they still leave critical gaps, particularly for vulnerable users who need the most protection.
Murray calls for stronger regulatory enforcement, ensuring platforms take real accountability rather than relying on voluntary commitments. Without broader, legally binding safeguards, children remain at risk, highlighting the urgent need for policies that prioritize child safety over corporate interests.

Cyberwarfare, Elections, and the Role of Encryption in Protecting Democracy

PrivID (Substack)
PrivID (Substack) highlights encryption as a crucial safeguard for democracy, especially as cyberwarfare threats escalate. Strong encryption protects voter data and election integrity from manipulation, ensuring that democratic outcomes remain free from interference.
Weakening these protections risks exposing electoral systems to hostile actors, eroding public trust. The analysis calls on governments to uphold robust encryption standards, reinforcing digital voting security, transparency, and resilience against cyber threats that seek to undermine democratic processes.

Why Cybersecurity Jobs Are Hard to Find Amid a Worker Shortage

Dark Reading by Andrey Leskin
Andrey Leskin of Dark Reading examines the paradox of a cybersecurity job market plagued by both a talent shortage and hiring difficulties. Despite high demand, many skilled candidates struggle to secure roles due to rigid job descriptions, unrealistic experience requirements, and a preference for niche expertise over adaptable skills.
Instead of fostering talent, companies are narrowing the pool by demanding certifications over potential. The analysis calls for a shift in hiring strategies—investing in internal development, easing entry barriers, and creating pathways for emerging professionals to bridge the cybersecurity skills gap before it widens further.

Exploiting DeepSeek-R1: Breaking Down Chain of Thought Security

Trend Micro by Trent Holmes & Willem Gooderham
Trent Holmes and Willem Gooderham of Trend Micro uncover critical security flaws in DeepSeek-R1, exposing weaknesses in its chain-of-thought reasoning that attackers can exploit. These vulnerabilities enable adversaries to manipulate AI outputs, leading to misinformation, biased responses, or data leaks.
The findings highlight the urgent need for security-first AI development, where transparency, rigorous testing, and adversarial resilience are prioritized. Without stronger safeguards, large language models remain susceptible to manipulation, posing risks to trust, decision-making, and the ethical use of AI-driven systems.

Statistics & Insights

Highlights from This Week’s Cybersecurity Research by evisec – CRD #18

CyAN Member and evisec CEO Henry Röigas
Highlights from the latest cybersecurity research sources by evisec:

  • Ransomware payments prioritize speed over restoration: 96% of cases involve data exfiltration, but only 30% result in payments—mainly to prevent leaks or accelerate recovery, not restore systems.
  • Security careers: high pay, low retention: Over 60% of professionals consider leaving due to stagnation. Security architects earn up to $206K, but return-to-office mandates risk talent loss.
  • Hybrid work & BYOD risks: 98% of organizations report BYOD violations, with 90% allowing personal device access to corporate data, exposing security gaps.
  • Global threats surge: China-linked activity is up 150%, vishing skyrockets 442%, malware-free attacks hit 79%, and breakout times drop to 48 minutes, demanding faster response.
  • Software security paradox: OWASP pass rates double, but security debt worsens—fix times have increased fivefold in 15 years despite improved critical risk mitigation.

For a deeper dive on these topics and other data-led insights, explore the latest Cybersecurity Research Digest here:
Read more

CyAN Members: Op Eds, Articles, etc:

CyAN’s Position on Encryption Backdoor Legislation

CyAN Staff
CyAN firmly opposes encryption backdoors, warning that such policies undermine global cybersecurity. While governments argue they are necessary for law enforcement, the reality is they create systemic vulnerabilities that can be exploited by cybercriminals and hostile nation-states.
Weakening encryption doesn’t just affect criminals—it puts businesses, critical infrastructure, and everyday users at risk. Instead of compromising security, CyAN advocates for stronger encryption policies that protect privacy, safeguard data integrity, and ensure a more resilient digital landscape without handing malicious actors an easy entry point.

Phishing, Smishing, and Quishing—How Many Ways Can We Get Scammed?

CyAN Blog by Fel Gayanilo
CyAN Gen Sec Fel Gayanilo dives into the ever-expanding world of digital scams, where cybercriminals exploit email (phishing), SMS (smishing), and QR codes (quishing) to trick users into handing over sensitive data.
As fraud tactics evolve, so must our defenses. Many scams rely on urgency and deception, preying on human instincts rather than technical vulnerabilities. Fel emphasizes the importance of skepticism, user awareness, and layered security to mitigate these threats.
The best defense? Think before you click—because in today’s cyber landscape, convenience often comes with a hidden cost.

Dynamic Resilience: A Framework for Synergizing Operational Agility and Economic Security in the Era of Digital Transformation

CyAN Blog by Rupesh Shirke
CyAN explores Dynamic Resilience, a strategy that merges cybersecurity, business agility, and economic security to help organizations navigate digital transformation without increasing risk.
As cyber threats evolve, businesses must move beyond static defenses and embrace flexible security frameworks that adapt in real time. The key lies in balancing innovation with proactive risk management, ensuring security measures scale with technological advancements.
By integrating security into operational agility, organizations can sustain growth, safeguard assets, and maintain resilience in an unpredictable digital landscape.

Opinion: Encryption Back Doors Are Dumb.

CyAN Blog by John Salomon
CyAN Communications and Mentorship Director John Salomon, writing for the CyAN blog, dismantles the argument for encryption backdoors, bluntly stating that they are a fundamentally flawed and dangerous idea.
While governments argue for access in the name of law enforcement, Salomon warns that weakening encryption creates systemic vulnerabilities that cybercriminals and hostile actors will inevitably exploit. He emphasizes that encryption is not just about privacy—it underpins national security, financial stability, and critical infrastructure.
The article makes a clear case: breaking encryption to catch criminals ultimately puts everyone at risk.

CyAN Member’s News

We’re immensely proud to share that Dan Elliott, a highly valued member of our CyAN community and an internationally acclaimed cybersecurity advisor, is a finalist in the 2025 Australian Cyber Awards! 🏆

Dan has been recognized in the Cybersecurity Professional of the Year – Professional and Financial Services category. His nomination is a testament to his dedication to the field, his commitment to collaboration with clients and peers, and his passion for sharing his extensive experience across the sector. Join us in celebrating this well-deserved recognition!

🔗 Read more: Dan Elliott’s LinkedIn Post

Dan Elliott at AISA CyberCon Canberra

On March 18th, Dan will also be speaking at the Australian Information Security Association (AISA) CyberCon Canberra on the topic:

“The Human Element in Cyber Resilience: Lessons from the Intelligence Community”

If you’re in Canberra, you won’t want to miss this insightful session!

🔗 Watch the highlights: Dan Elliott’s LinkedIn Post

At CyAN, we are ALWAYS overjoyed to celebrate our members’ successes and contributions to the cybersecurity community. Congratulations, Dan!

Upcoming CyAN (and CyAN Partner) Global Events:

CyAN APAC: The Geopolitical Impacts of Cyber Threats: From Espionage to Influence, keynote by Dan Elliott, March 12, Peoplebank, Sydney

Trust & Safety Forum at Forum INCYBER Europe (FIC), Lille, France: April 1-2

GITEX AFRICA, Marrakesh, Morocco: April 14-16

GITEX ASIA, Singapore (Marina Bay Sands): April 23-25

GISEC, Dubai World Trade Center, Dubai, UAE: May 6-8

The Cyber Outstanding Security Performance Awards (Cyber OSPAs), May 8, London, UK

World AI Technology Expo UAE, Dubai, UAE: May 14-15, 2025

MaTeCC, Rabat, Morocco: June 7-9, 2025
(The third annual North Africa and beyond cybersecurity event, hosted by CyAN partner organisation École High-Tech.)


The Cost of Silence: Enhancing Cyber Safety to Address Domestic Violence’s Impact on Women’s Employment and Education

Last Friday, I attended the launch of The Cost of Domestic Violence to Women’s Employment and Education at the University of Technology Sydney. Written by the renowned researcher and writer Anne Summers, this report lays bare how domestic violence and coercive control disrupts women’s financial 

Cyber (In)Securities – Issue 129

Information Security News

Latin American Orgs Face 40% More Attacks Than Global Average

Dark Reading by Nate Nelson
Organisations in Latin America are experiencing a surge in cyberattacks, facing 40% more incidents than the global average. This alarming trend underscores the unique cybersecurity challenges in the 

Cybersecurity Investments in Global Banking: Comparative Analysis and Case Studies

Scope and (many) Limitations

It is essential to clarify from the outset that this analysis does not seek to establish a direct correlation between cybersecurity expenditure and measurable security outcomes, such as the successful mitigation of cyber threats or financial savings resulting from reduced attack impact. While investment in cybersecurity is a necessary component of a robust defence strategy, the complexity of cyber risk, evolving threat landscapes, and the multifaceted nature of security effectiveness preclude any straightforward causal relationship between financial allocation and security success. This study, therefore, focuses on the strategic prioritisation of cybersecurity investment within financial institutions rather than attempting to quantify its direct operational efficacy.

Furthermore, it is important to note that the financial data presented reflects cybersecurity spending over a multi-year period, albeit one from several years ago. Given that this analysis is conducted in 2025, some figures may not fully capture more recent investment trends, emerging security technologies, or shifts in cyber risk exposure. While historical data provides valuable insight into spending patterns and institutional priorities, it does not necessarily indicate present or future financial commitments.

A subsequent analysis will seek to explore potential correlations between cybersecurity investment and key security outcomes, leveraging publicly accessible data where possible. This follow-up study will critically assess available metrics—such as breach frequency, regulatory penalties, and operational resilience—to determine whether any discernible patterns emerge between financial commitment to cybersecurity and real-world security performance. However, given the inherent challenges of isolating variables in this domain, findings will be framed within the limitations of available data, temporal gaps in financial reporting, and broader contextual industry factors.

Financial Comparisons Across a Handful of Major Banks

Major global banks have dramatically increased their cybersecurity investments in the past five years, both in absolute spending and as a share of IT budgets. Table 1 below compares cybersecurity spending for several top banks (by assets) in 2018 vs. 2022, illustrating these trends. North American banks show some of the highest absolute cyber budgets (hundreds of millions of USD annually), while European banks tend to allocate a slightly higher percentage of their IT budget to security. Asia-Pacific banks historically spent less on cybersecurity, contributing to higher vulnerability rates in that region (Low investments in cybersecurity expose financial sector to threats: Experts – The Economic Times), but are now rapidly ramping up investments as cyber threats intensify globally.

Table 1. Cybersecurity Budget Trends at Selected Major Banks (2018–2022) (link here)

Regional Case Studies

Detailed case studies from different regions demonstrate how major banks are implementing significant cybersecurity initiatives. These examples show how banks tailor their cyber strategies to address region-specific threats and comply with local regulations, while investing heavily to bolster resilience.

North America: JPMorgan Chase & Co.

JPMorganChase, the largest U.S. bank by assets, has made cybersecurity a centerpiece of its technology strategy. In 2019, the bank spent roughly $600 million annually on cybersecurity and employed about 3,000 cybersecurity personnel (With $600 Million Cybersecurity Budget, JPMorgan Chief Endorses AI and Cloud – SecurityWeek). For perspective, this budget was a dramatic increase from preceding years (the bank’s cyber spend doubled from $250 million to $500 million in the mid-2010s (2018 Cybersecurity Market Report), reaching ~$600 million by 2019). JPMorgan’s CEO Jamie Dimon identified cyber risk as perhaps “the biggest threat to the U.S. financial system” (With $600 Million Cybersecurity Budget, JPMorgan Chief Endorses AI and Cloud – SecurityWeek), underscoring why the bank continues to pour resources into cyber defence. JPMorgan’s initiatives focus on advanced capabilities like artificial intelligence and cloud security. Also in 2019, Dimon endorsed a move “all in” on cloud and AI to enhance security, noting the cloud can improve resiliency and scale defenses.

Fast forward to 2024, and JPMorgan’s situation was laid bare by Mary Callahan Erdoes, CEO of JPM’s Asset Management & Wealth:

Hard numbers on the above were stated during the conference as: $15bn annual technology spend with 62,000 technologists, many of whom were/are focused on cyber specifically.

The firm has built multi-layered defenses and real-time monitoring to handle everything from routine fraud attempts to advanced nation-state threats. U.S. regulatory expectations (from bodies like the FFIEC and New York State DFS) and industry collaboration via the Financial Services Information Sharing and Analysis Center (FS-ISAC) have further driven JPMorgan’s strategy. The bank regularly works with government and industry partners to share threat intelligence and bolster critical infrastructure protection.

Europe: HSBC Holdings plc

HSBC, one of Europe’s largest banks (with a global footprint concentrated in Europe and Asia), has likewise made robust cybersecurity investments and adaptations. HSBC’s annual cybersecurity spending is estimated in the hundreds of millions (USD), on the order of $600–750 million per year in recent years (Financial Firms Spend Up to $3,000 Per Employee on Cybersecurity). This forms a significant portion of HSBC’s roughly $6 billion overall technology budget (approaching ~10% allocated to security). HSBC’s approach to cybersecurity is heavily influenced by the cross-border regulatory landscape and evolving threats in its key markets. European regulations, such as the EU’s General Data Protection Regulation (GDPR) and the PSD2 directive (which mandates strong customer authentication), have pushed banks like HSBC to achieve high standards in data security and fraud prevention. Additionally, EU supervisors (e.g. the European Central Bank) now ask banks for detailed cyber resilience metrics (such as dedicated security staffing) to ensure preparedness (THE CHALLENGE OF ORGANIZING THE BUDGETARY MANAGEMENT OF CYBERSECURITY IN YOUR COMPANY – RiskInsight).

In response, HSBC announced a series of security initiatives to stay ahead of emerging threats. For example, in 2023, HSBC announced that it had become the first bank in the UK to trial quantum cryptography for network security, partnering with BT Group and Toshiba to pilot Quantum Key Distribution for encrypting data between its London data centres (We’re fighting the cyber criminals of the future | HSBC News).

This quote is from former CEO of HSBC Europe, Colin Bell, who highlighted HSBC’s proactive stance on next-generation security. HSBC also continually upgrades more immediate defences: the bank processes 4.5 billion payments a year, and it relies on encryption and real-time threat monitoring to protect those transactions.

Asia-Pacific: DBS Bank (Singapore)

In the Asia-Pacific region, DBS Bank provides a case study in integrating cybersecurity deeply into a digital transformation strategy. DBS is a leading Singapore-based bank operating across Asia, and it has been recognised as one of the world’s most technologically advanced banks. With this digital focus, DBS’s leadership is acutely aware that cyber risk comes hand-in-hand with innovation. A quote from Seng Wei Keng in this FS-ISAC piece sets the tone nicely:

DBS has implemented a multi-layer “onion” security architecture to defend its systems (DBS’ Piyush Gupta explains how the bank deals with digital trust in an era of deep fakes and misinformation – CNA). According to CEO Piyush Gupta, DBS operates under the assumption that some attackers will penetrate outer defences, so the bank emphasises in-depth measures and internal monitoring to limit any potential damage. This includes extensive use of techniques like micro-segmentation of networks, behavioural analytics, and AI-driven anomaly detection to quickly identify and isolate threats. DBS also contracts specialised cybersecurity firms to scour the dark web for any signs of attacks targeting the bank or brand, enabling rapid takedowns of phishing sites and fake domains. These initiatives have earned DBS recognition; it was the first bank to implement an innovative “digital soft token” mobile authenticator (with a money-back security guarantee for customers) and won the regional Cybersecurity Award in 2019 for its security excellence (DBS: On Becoming the Wizard of Digital Transformation).

Regional regulations and threat trends shape DBS’s cyber strategy as well. Singapore’s regulator, the Monetary Authority of Singapore (MAS), imposes stringent Technology Risk Management guidelines, requiring banks to maintain strong cyber governance and report incidents within hours. DBS not only complies but often exceeds these requirements, serving as an industry leader in implementation of measures like secure API frameworks and zero-trust principles. Asia-Pacific has become the most targeted region for cyberattacks globally (31% of all reported cyber incidents in 2022, for example, were in APAC) (Top Cybersecurity Statistics for 2024 | Cobalt), so banks like DBS have had to rapidly elevate their defences. The bank’s investments in cybersecurity have grown annually (while exact figures aren’t public, DBS’s overall tech spending is substantial, and a healthy fraction is devoted to security efforts). By leveraging its tech-forward culture and complying with forward-looking initiatives (for example, MAS’s 2024 quantum-resilience trials with banks (MAS to commence quantum-proofing cybersecurity trials with banks …)), DBS adapts to the region’s unique challenges.

Executive Quotes on Cybersecurity Investments

The quotes below give the reader a sense, at least on paper and in front of the press mic, of the seriousness with which bank executives are taking the cyber threat. Leading banking executives have explicitly underscored the importance of proactive cybersecurity investment and strategy, and it’s clear that the spend, both in total volume and as a percentage of IT spend, supports their intuitions. Whilst data are sometimes a bit hard to nail down, what’s clear is that major banks, globally, are spending with vigour. (How effective spend is in reducing loss from cyber attacks is a topic for another article, although successes like that of DBS, for example, suggest risk and impact can be managed well.)

Below are selected quotes from CEOs and board-level leaders at major banks over the past years, highlighting their perspectives on cyber initiatives and commitment:

  • Brian Moynihan (CEO, Bank of America): “I go to bed every night feeling comfortable that [our cybersecurity] group has all the money, because they never have to ask… You’ve got to be willing to do what it takes at this point.” (Making the Right Investment in Cybersecurity | Bank Director – thank you Emily McCormick for the nod to the quote, drawn from a 2015 interview with Bloomberg in which Moynihan described giving “unlimited” budget to cybersecurity, reflecting an open-ended commitment to cyber defence.) And that was 2015!
  • Jamie Dimon (CEO, JPMorgan Chase): “Cybersecurity…may very well be the biggest threat to the U.S. financial system,” he warned, while noting the growing mobilisation of industry and government to combat it (With $600 Million Cybersecurity Budget, JPMorgan Chief Endorses AI and Cloud – SecurityWeek).
  • Colin Bell (CEO, HSBC Bank plc & HSBC Europe): “Our customers, clients and employees expect us to have safe and secure operations and resilient cybersecurity, so we must stay ahead of the curve… That’s why we’re already preparing our global operations for a quantum future. We’re…investing in strong, strategic partnerships to explore how we could deploy these technologies as they develop.” (We’re fighting the cyber criminals of the future | HSBC News) (Emphasising a forward-looking investment in next-generation security technologies at HSBC.)
  • Piyush Gupta (CEO, DBS Bank): “Security is paramount today… There are not only state actors, but large criminal syndicates, who are always trying to get in.” (DBS’ Piyush Gupta explains how the bank deals with digital trust in an era of deep fakes and misinformation – CNA) Gupta has also noted that he operates under a “not if, but when” assumption regarding attacks, using that mindset to drive continuous investment in layered security measures. This philosophy highlights a strategic shift to persistent vigilance and resilience in cybersecurity.

Next I’ll attempt to articulate the impact of this spend…

About the Author

Nick Kelly | SecureFlag | CyAN Member

Website: www.secureflag.com

LinkedIn: Nick Kelly

Dynamic Resilience: A Framework for Synergizing Operational Agility and Economic Security in the Era of Digital Transformation by Rupesh Shirke

Abstract: In today’s rapidly evolving digital landscape, organizations face unprecedented challenges that necessitate establishing a robust framework to navigate operational agility and economic security. This document delves into dynamic resilience, harmoniously integrating these vital components to foster sustainable growth, adaptability, and long-term success. Through a