UNSW academic Dr Hammond Pearce and industry professional Sharat Madanapalli discuss more stringent rules regarding data protection on UNSW's Engineering the Future podcast series.
Cybersecurity experts have called for stronger regulations and more severe punishments for companies that do not properly safeguard personal data in Australia.
The Australian Signals Directorate (ASD) said in its that it had received over 87,000 reports of cybercrime over the previous financial year, an average of one report every six minutes.
In April 2024, for example, the prescription exchange service may have had their personal and health information and healthcare provider information exposed by a cyber security incident.
And in March 2023, non-bank lender Latitude Financial was that resulted in the theft of approximately 7.9 million driver licence numbers and associated personal information.
Meanwhile, the (OAIC) is currently pursuing legal cases and for their alleged inadequate security and/or response to other previous cyber-attacks.
But the OAIC has also welcomed the new passed in December 2024, which it says will strengthen its enforcement toolkit, including an enhanced civil penalty regime and infringement notice powers.
The Bill also provides important clarification to the scope of existing security obligations to expressly require organisations to implement technical and organisational measures – such as encrypting data, securing access to systems and premises, and undertaking staff training – to address information security risks.
Dr Hammond Pearce, a lecturer from UNSW's School of Computer Science and Engineering, says more severe sanctions are welcome against companies that do not protect personal information, although he acknowledges that regulators must be careful not to scare businesses into not reporting breaches.
“I think one of the big challenges in cybersecurity right now is that there are not large punishments for companies that don't look after data properly, that are not responsible shepherds,” Dr Pearce said as part of the Engineering the Future podcast series.
“I would like to see much larger compulsory fines and things like that. But then, of course, there's the flip side. When you make the punishment so severe, then companies will go, ‘Oh, I had data stolen. I'm not going to tell anyone because then we're going to get a big, big fine.’
“Right now, because the penalties are low, perhaps companies are more forthright when something goes wrong. But it would be nice if they would actually just do the protections properly in the first place so that thefts were more difficult,” he added.
“Security is only ever a cost for your business until it goes wrong, then it becomes a liability. So, it would be nice if there were better regulations to try and make it a liability always so that people were more motivated to try and do the right thing.”
Sharat Madanapalli, director of and a fellow guest on the Engineering the Future podcast episode, agrees that Australian businesses should be doing more to improve security against cyber-attacks.
He points out that regulations are much more stringent in the European Union, forcing companies to have a greater focus on protecting data when doing business in that market.
“It's not that the companies cannot do it. I've seen products that are launched in the rest of the world first, and they often take a few months to then roll it out in Europe because of all the regulations that are enforced by the European Union – to make sure they adhere to those,” he said.
“And once they do that, I think the rest of the systems are of course automatically upgraded to be more safe and secure.”
When it comes to cybersecurity for individuals, the experts offer some important pieces of advice to help prevent personal data being stolen.
“For me, it comes down to just always be suspicious,” Dr Pearce says. “If you see something on your computer screen, be suspicious because it might not be coming from who you think it is. It might not be coming from the website you think it is.”
Mr Madanapalli, meanwhile, recommends a password manager as a vitally important tool.
“Installing a password manager is a good starting point to not be hacked. Just make sure it’s one that you’ve reviewed, and you know can be trusted.
“I don’t feel there are so many people right now who use a password manager. Instead they are using the same password for all their accounts, or they are writing passwords down in an insecure notes app. Those are much more inferior options when it comes to being safe online.
“But against phishing attacks I agree that you need the behavioural trait of being suspicious.”