Cyber Security Compliance: Everyone’s Starting Line is Different

Some organisations are training for the marathon. Think: 

  • APRA CPS 234
  • ISO 27001 
  • Information Security Manual (ISM)
  • SOCI Act 
  • NIST Cyber Security Framework 


These are complex, demanding and long-term compliance programs that require discipline and endurance. 


Others are pacing themselves for a solid social distance run, just enough to meet Privacy Act obligations or pass a security health check from a client or vendor. 


Wherever you are starting from, you are not alone. Cyber security compliance is a journey. Just like athletic training, it is not always about perfection. It is about progress.  


The finish line is always shifting. As a timely reminder, Australia’s new ransomware payment reporting laws take effect 30 May 2025. Many businesses will need to reassess their legal obligations and incident response readiness. Compliance is no longer about ticking boxes. It is about being prepared. 


At CyberUnlocked, I often step into the role of a Compliance Coach. It is not just about frameworks and documentation. It is about supporting businesses as they build capability. What many need most is: 

  • Encouragement to keep going, even when it gets tough
  • Guidance that fits their maturity, industry and supply chain expectations
  • A sounding board to help balance ambition with business reality 


Some organisations are starting with no or limited controls. Others are training to meet new regulatory obligations or align with client demands. No matter the starting point: 

  • Small, consistent steps build maturity
  • Practical wins can be more effective than perfect frameworks
  • Sometimes you need to sprint when deadlines or risks demand it 


There is a new standard worth watching. SMB1001 is designed for small and medium businesses. It: 

  • Supports scalable security maturity and certification
  • Fills the gap below ASD’s Essential Eight, and avoids the overkill of applying the Essential Eight in every context
  • Provides a practical pathway to train towards ISO 27001 


An essential part of the compliance journey is understanding: 

  • What residual risk your business can live with
  • Whether to accept, mitigate or transfer those risks through controls, cyber insurance or both

There is no such thing as perfect security. Defining an acceptable level of risk is key to building a strategy that works.


If you are on the compliance track or helping your clients along theirs, let’s chat. Sometimes, having a coach in your corner makes all the difference. 
