Cyber Security Compliance: Everyone’s Starting Line is Different

Some organisations are training for the marathon. Think: 

  • APRA CPS 234
  • ISO 27001 
  • Information Security Manual (ISM)
  • SOCI Act 
  • NIST Cyber Security Framework 
These are complex, demanding and long-term compliance programs that require discipline and endurance. 
Others are pacing themselves for a solid social distance run, just enough to meet Privacy Act obligations or pass a security health check from a client or vendor. 
Wherever you are starting from, you are not alone. Cyber security compliance is a journey. Just like athletic training, it is not always about perfection. It is about progress.  
The finish line is always shifting. As a timely reminder, Australia’s new ransomware payment reporting laws take effect 30 May 2025. Many businesses will need to reassess their legal obligations and incident response readiness. Compliance is no longer about ticking boxes. It is about being prepared. 
At CyberUnlocked, I often step into the role of a Compliance Coach. It is not just about frameworks and documentation. It is about supporting businesses as they build capability. What many need most is: 

  • Encouragement to keep going, even when it gets tough
  • Guidance that fits their maturity, industry and supply chain expectations
  • A sounding board to help balance ambition with business reality 
Some organisations are starting with few or no controls in place. Others are training to meet new regulatory obligations or to align with client demands. No matter the starting point:

  • Small, consistent steps build maturity
  • Practical wins can be more effective than perfect frameworks
  • Sometimes you need to sprint when deadlines or risks demand it 
There is a new standard worth watching. SMB1001 is designed for small and medium businesses. It: 

  • Supports scalable security maturity and certification
  • Fills the gap for organisations where applying ASD’s Essential Eight to every context would be overkill
  • Provides a practical pathway to train towards ISO 27001 
An essential part of the compliance journey is understanding: 

  • What residual risk your business can live with
  • Whether to accept, mitigate or transfer those risks through controls, cyber insurance or both

There is no such thing as perfect security. Defining an acceptable level of risk is key to building a strategy that works.

If you are on the compliance track or helping your clients along theirs, let’s chat. Sometimes, having a coach in your corner makes all the difference. 
