Cyber Security Compliance: Everyone’s Starting Line is Different

Some organisations are training for the marathon. Think:

  • APRA CPS 234
  • ISO 27001
  • Information Security Manual (ISM)
  • SOCI Act
  • NIST Cyber Security Framework

These are complex, demanding and long-term compliance programs that require discipline and endurance.

Others are pacing themselves for a solid social distance run, just enough to meet Privacy Act obligations or pass a security health check from a client or vendor.

Wherever you are starting from, you are not alone. Cyber security compliance is a journey. Just like athletic training, it is not always about perfection. It is about progress.

The finish line is always shifting. As a timely reminder, Australia’s new ransomware payment reporting laws take effect 30 May 2025. Many businesses will need to reassess their legal obligations and incident response readiness. Compliance is no longer about ticking boxes. It is about being prepared.

At CyberUnlocked, I often step into the role of a Compliance Coach. It is not just about frameworks and documentation. It is about supporting businesses as they build capability. What many need most is:
  • Encouragement to keep going, even when it gets tough
  • Guidance that fits their maturity, industry and supply chain expectations
  • A sounding board to help balance ambition with business reality

Some organisations are starting with no or limited controls. Others are training to meet new regulatory obligations or align with client demands. No matter the starting point:

  • Small, consistent steps build maturity
  • Practical wins can be more effective than perfect frameworks
  • Sometimes you need to sprint when deadlines or risks demand it

There is a new standard worth watching. SMB1001 is designed for small and medium businesses. It:

  • Supports scalable security maturity and certification
  • Fills the gap or avoids the overkill of applying ASD’s Essential Eight to every context
  • Provides a practical pathway to train towards ISO 27001

An essential part of the compliance journey is understanding:

  • What residual risk your business can live with
  • Whether to accept, mitigate or transfer those risks through controls, cyber insurance or both

There is no such thing as perfect security. Defining an acceptable level of risk is key to building a strategy that works.

If you are on the compliance track or helping your clients along theirs, let’s chat. Sometimes, having a coach in your corner makes all the difference.
