Security wrap-up for 2025

As we wrap up the year, one thing stands out and that’s nothing in our sector sits still anymore. Not the threats or regulations, and not the expectations on anyone managing critical infrastructure in Australia.

This year has again been about keeping pace with that reality and making sure our security environment can move with it, not lag and hope for the best. A lot of work has gone into tightening our core frameworks.

ISO 27001

We’ve continued moving toward ISO 27001 compliance building habits and discipline into everyday decisions. It’s a slow burn, but the work sticks, and we are almost at the finish line.

Essential Eight

We’ve aligned more closely with the Essential Eight, lifting our maturity and tightening the practical measures that protect us from the issues we’re all talking about across the sector.

SOCI Act

The SOCI Act keeps evolving, and we’ve been investing the time to ensure our reporting and assurance processes line up cleanly with what’s required now, and what’s likely to come next.

None of these pathways are “set and forget.” They require constant adjustment, and that’s the mindset we have across the business.  If this year has confirmed anything, it’s that static security doesn’t work. The threat environment doesn’t pause because the documentation looks good.

We’ve taken a more fluid approach with reviewing, adjusting, and pivoting as new information comes in. That includes new controls, new ways of monitoring, learning from incidents around the world, and helping our clients stay ahead of what the regulators expect rather than scrambling after the fact. It’s made our work faster, more responsive, and more realistic to the environment we’re all operating in.

One of the real positives this year has been how early clients are bringing us into conversations. It has allowed us to provide the answers to all those security questionnaires which make our clients comfortable so that we are well positioned to partner with them moving forward.

Looking Ahead there’s no sign that the pressure on our sector will ease. Regulations will keep shifting. Threats will keep evolving. Technology will keep changing faster than anyone would like. Our intention for 2026 is simply to stay ahead of it, stay practical, and keep building systems that are solid enough to rely on but flexible enough to adapt when they need to.  Supported by our business partners Fortian and ISGQ, we’ll continue to strengthen our frameworks, improving our reporting and assurance monitoring, and expanding the tools that help us and our clients.

Written by Jacqueline Button