Defending the Digital Frontline: Building a Cyber-Shield for Australia with Ben Tan

Ben Tan discusses Australia's cyber threats, critical infrastructure risks, and building national resilience through talent and international collaboration

The escalating cyber threats to Australian critical infrastructure and businesses are not just a technological challenge, but fundamentally a human one, addressed most effectively by leaders who combine military-grade strategic discipline with a deep commitment to talent development.

On this topic, we spoke with by Ben Tan, a leader whose career bridges the high-stakes discipline of military cyber defense with the dynamic front of private-sector innovation.

In this interview, he focuses on what he identifies as a critical vulnerability: the gap between technology and the people who manage it, and the idea that solving Australia's cyber resilience hinges as much on strategic leadership and skilled people as it does on advanced technology.

Interview with Ben Tan

How are cyber threats evolving in Australia, and which sectors, such as critical infrastructure, healthcare, or financial services, are most at risk today?

Cyber threats in Australia are becoming more targeted, more expensive, and more disruptive, even though the total number of incidents has slightly declined. Critical infrastructure faces the highest risk from state-sponsored actors probing networks for potential sabotage. Healthcare is heavily targeted due to sensitive patient data, outdated systems, and third-party vulnerabilities. Financial services remain a top target for credential theft, scams, and supply-chain breaches, though stronger regulation offers some protection.

Overall, ransomware, data theft, AI-powered scams, and third-party compromise are the fastest-growing threats across all sectors. Government sector has the highest risks today due to nation state threat actors.

Here is the ASD latest report.

What impact have Australia’s updated cybersecurity and data privacy regulations, such as the Security of Critical Infrastructure Act and Privacy Act reforms, had on how organizations manage cyber risk?

Australia’s updated cybersecurity and privacy laws especially the SOCI Act reforms and strengthening of the Privacy Act. This have pushed organisations to take a far more governed, proactive, and accountable approach to cyber risk. Companies now need formal risk-management programs, stronger board oversight, mandatory incident-reporting processes, and deeper assessment of third-party and supply-chain vulnerabilities.

Privacy reforms have also forced organisations to tighten data governance, minimise data collection, and embed privacy-by-design into systems. Overall, these changes have shifted cyber risk from an IT issue to a whole-of-business compliance, governance, and resilience requirement.

Are Australian businesses adequately prepared to detect, respond to, and recover from cyber incidents, or does the skills shortage continue to be a major barrier?

Most Australian businesses are still not fully prepared to detect, respond to, and recover from cyber incidents, despite growing awareness and investment. A significant skills shortage especially in incident response, threat detection, and cyber operations remains one of the biggest barriers, leaving many organisations with tools they cannot fully use and response plans they cannot effectively execute.

Overall, capability gaps continue to outpace threat growth, particularly for smaller and mid-sized organisations.

Given that small and medium-sized enterprises make up the majority of Australia’s economy, how can these businesses improve their cybersecurity posture despite limited budgets?

Small and medium-sized businesses in Australia can strengthen their cybersecurity without large budgets by focusing on a few high-impact essentials. Enabling MFA (Multi Factor Authentication), patching systems, using secure cloud services, improving staff awareness, and outsourcing monitoring to affordable MSSPs provide strong protection at low cost.

Clear policies, vendor-risk checks, and a simple incident-response plan further boost resilience. Together, these measures give SMEs most of the security benefits of large enterprises without the expense. This is part of Essential 8 which is a framework and security guidelines published by the ASD (Australia Signals Directorate).

With government funding and private investment increasing, where do you see the most promising growth areas in Australia’s cybersecurity industry, technology innovation, managed services, or training and certification?

Managed security services are the strongest growth area, with training & certification close behind, and focused technology innovation as a more niche but high-upside play.

Managed services (MSSP/MDR/OT security) will grow fastest because most Aussie organisations (especially SMEs and critical infrastructure) can’t hire enough talent, so they’re outsourcing 24/7 monitoring, incident response, and OT/ICS security.

Training, skills, and certification will see sustained growth due to the chronic cyber skills shortage and government push to build a bigger cyber workforce by 2030.

Technology innovation is promising where it’s specialised AI-assisted defence, identity, zero-trust, OT (Operation Technology), critical-infrastructure tools, and sovereign and Compliance-as-a-Service rather than trying to compete with global platform vendors.

How important is regional and global cooperation (for example with ASEAN or the U.S.) to strengthening Australia’s national cybersecurity resilience?

Regional and global cooperation is not optional for Australia and it’s essential. Cybersecurity today is a team sport: threat intel, disruption operations, supply-chain security, and norms-setting all require deep partnerships.

Without close cooperation with international partners, Australia’s cyber resilience would be significantly weaker.