‘Cyber Attacks are Being Treated Like the Cost of Doing Business’ says Former Australian PM Malcolm Turnbull

Government & Policy | Leadership | Risk Management | Security Operations

Posted: Tuesday, Jun 30

KBI.Media
$
‘Cyber Attacks are Being Treated Like the Cost of Doing Business’ says Former Australian PM Malcolm Turnbull

Karissa Breen, more commonly known as KB, is crowned a LinkedIn ‘Top Voice in Technology’, and widely recognised across the global cybersecurity industry. A serial entrepreneur, she is the co-founder of the TMFE Group, a portfolio of cybersecurity-focused businesses spanning an industry-leading media platform, a specialist marketing agency, a content production studio, and the executive headhunting firm, MercSec. Now based in the United States, KB oversees US editorial operations and leads the expansion of the group’s media footprint across North America, while maintaining a strong presence in Australia, and the broader global market. She is the former Producer and Host of the streaming show 2Fa.tv, and currently sits at the helm of journalism for the group’s flagship arm, KBI.Media, the independent cybersecurity media company. As a cybersecurity investigative journalist, KB hosts her globally-renowned podcast, KBKast, where she interviews leading cybersecurity practitioners, CISOs, government officials including heads-of-state, and industry pioneers from around the world. The podcast has been downloaded in over 65 countries with more than 400,000 global downloads, influencing billions of dollars in cybersecurity budgets. KB is known for asking the hard questions and extracting real, commercially relevant insights. Her approach provides an uncoloured, strategic lens on the evolving cybersecurity landscape, demystifying complex security issues and translating them into practical intelligence for executives navigating risk, regulation, and rapid technological change.

i 3 Table of Contents

‘Cyber Attacks are Being Treated Like the Cost of Doing Business’ says Former Australian PM Malcolm Turnbull

From Karissa Breen

Former Australian Prime Minister Malcolm Turnbull says governments and corporations are still dangerously complacent about cyber threats roday. Modern cyber warfare now sits as the centrepiece of national sovereignty, critical infrastructure and geopolitical power.

Turnbull articulated how cybersecurity can no longer be viewed as a ‘niche technical problem’ which is handled by IT teams anymore, those days are done.

“There wasn’t a digital economy, the economy was digital,” Turnbull said. “Cybersecurity is a risk, an issue for everything. It is part of statecraft, it is part of sovereignty.”

The former leader who launched Australia’s first national cybersecurity strategy in 2016 said many executives and government leaders were shockingly unprepared for the realities of the digital world even a decade ago.

“You would be absolutely amazed,” Turnbull said. “Senior business leaders, government leaders would get their secretary to print off all their emails because they didn’t like reading anything on a screen.”

Turnbull said one of the biggest failures inside corporations was treating cyber risk as someone else’s problem.

“Too many of the people in the C-suite would say, ‘I have no understanding what all this is about. I’ll just leave it to the nerdy person, the Chief Information Security Officer.’ And that’s actually not good enough.”

The former Prime Minister said awareness, not just technology remains the biggest weakness facing both governments and private enterprise.

“Most compromises come about because of a compromise of identity,” he said. “Often it’s someone with administrative privileges doing the wrong thing.”

Turnbull also cautioned that ransomware gangs and hostile nation states are targeting identity systems because they remain the easiest pathway into organisations.

“93% of ransomware attacks in Australia come from compromised identity systems,” he said.

But Turnbull’s deepest concern wasn’t stolen customer data or even ransomware payouts. He said the real nightmare scenario is hidden malware buried deep inside critical infrastructure systems waiting to be activated and erupt.

“If I was of a disposition to be kept awake at night, I would be mostly worried about industrial control systems,” he said. “The malware that has been infiltrated into the electricity network, the telecom network, the hospital network, just sitting there, burrowed into your system, waiting to pull the trigger and shut things down.”

Turnbull warned that cyber attacks create a uniquely dangerous challenge because unlike traditional warfare, attribution is often murky.

“If a foreign country fires a missile and blows up your power station, that’s very clear,” he said. “If it is done by cyber means, it can have exactly the same effect, but it’s often harder to attribute. There is always an element of plausible deniability.”

Turnbull revealed Australia moved aggressively during his time in office to confront risks tied to foreign interference and telecommunications infrastructure, including the controversial decision to block Chinese telecommunications giant Huawei from Australia’s 5G rollout.

“We looked at it very carefully,” he said. “I did not want to ban Huawei because I wanted as many vendors in the mix as possible. But we came to the view that we couldn’t mitigate the risk.”

The former Prime Minister also criticised the normalisation of cybercrime among both consumers and corporations, arguing repeated data breaches have desensitised the public.

“People feel it isn’t such a big deal, but it is,” Turnbull said. “We don’t want this to be normalised.”

He compared modern cybercrime to organised physical theft happening openly in major cities.

“We wouldn’t accept a gang of thieves robbing every shop in Orlando or New York and just say, ‘Oh well, that just happens,’” he said.

Yet Turnbull said many businesses continue treating cyber breaches as an unavoidable operational expense instead of an existential risk.

“There is a tendency because there isn’t that physicality for people to just shrug their shoulders about it and almost treat it as a cost of doing business, which is very dangerous.”

Turnbull predicted class action lawsuits could become one of the strongest forces driving accountability in cybersecurity and moving forward.

“Any company that is not able to demonstrate that it is doing absolutely everything it can to protect its data and its customers’ data is very, very unwise,” he said.

The former leader addressed his concerns to current and future political leaders around the boost of technological disruption and the impact that has on Australia and its allies.

“Do not take anything for granted. Do not ever sink into complacency,” Turnbull said. “The challenge is never met. You cannot assume that the world is the same as it was when you went to bed the night before.”