Welcome to the fourth issue of Terms & Breaches, where last week’s cybersecurity and cyber insurance news gets a no-nonsense breakdown. From Australia’s push for zero-trust policies and phishing attacks spiking across ANZ to a Microsoft BitLocker flaw leaving passwords exposed, the headlines didn’t hold back. Meanwhile, on the insurance front, ransomware resilience and proactive prevention services are reshaping the industry, while Asia sees expanding cyber insurance coverage and rising demand. Whether it’s a new trade opportunity or a reminder to patch yesterday, MSPs have plenty to tackle this week.
📰 Cyber Security
Australia & New Zealand
Global Victoria Cybersecurity Trade Program Open for Applications, 27 January 2025
Victorian cybersecurity companies are getting a golden ticket to crack the US market, thanks to Global Victoria’s trade program. Expect business matching, access to industry events, and a serious push to ride the US’s skyrocketing cybersecurity budget.
Cyber Security MSPs looking to expand their reach into the US should consider leveraging this program; it’s a strategic step to tap into one of the world’s largest cybersecurity markets.
Phishing Email Attacks Spike Across Australia, 23 January 2025
Phishing emails targeting Australian firms rose by 30% in 2024, with credential phishing attacks across APAC increasing by 30.5%. The region’s strategic importance in trade, finance, and defence makes it a ripe target, while AI has made it easier for criminals to generate phishing material. MSPs must prioritize client training and robust defences to combat this rising tide.
Australian Cybersecurity Policy Seeks Public Feedback, page updated on 22 January 2025
The Australian Government has unveiled its Cyber Security Strategy consultation package for 2023-2030, aiming to make Australia a global leader in cyber resilience by 2030. The initiative includes updates to the Protective Security Policy Framework (PSPF) and seeks input from cybersecurity experts, Commonwealth providers, and organisations running similar resilience programs. The consultation runs from 2 December 2024 to 28 February 2025, with town hall sessions planned to gather wider feedback.
A nationwide consultation—because fixing vulnerabilities starts with listening to the people on the frontlines.
Rest of the world
🚨 Microsoft BitLocker Flaw Exposes Passwords, 26 January 2025 🚨
Microsoft has patched a critical vulnerability in its BitLocker system that could expose unencrypted hibernation data, including passwords, in plain text. Organisations must update immediately to protect sensitive information.
BitLocker? More like BitOfAProblem. Patch it, yesterday.
Myanmar’s Controversial Cybersecurity Law Criticized, 25 January 2025
Myanmar’s new cybersecurity law has been widely criticized for suppressing dissent and criminalising privacy tools like VPNs. Human rights groups argue it’s an alarming move towards digital authoritarianism.
When cybersecurity laws become tools of oppression, everyone loses—except authoritarian regimes.
PayPal Fined for Cybersecurity Failures, 23 January 2025
PayPal has been fined $2 million by New York regulators for cybersecurity failures that exposed customers’ Social Security numbers, names, and dates of birth. The breach occurred over a seven-week period due to inadequate staffing and training in cybersecurity functions. PayPal has since implemented multifactor authentication across all U.S. customer accounts.
Trump Administration Dismisses Cybersecurity Review Board, 22 January 2025
The Trump administration has dismissed members of the Cyber Safety Review Board (CSRB) as part of broader cost-cutting measures. The CSRB, which was created to analyse major cyber incidents, was investigating the U.S. telecom hacks attributed to Chinese APT group Salt Typhoon. Critics argue this decision undermines efforts to improve cybersecurity in both public and private sectors.
Firing the CSRB during an active investigation…because nothing says “security” like cutting the people trying to provide it.
📰 Cyber Insurance
ANZ
Lynx Ransomware Hits Australian Automotive Manufacturer, 22 January 2025
Clutch Industries Pty Ltd, an Australian automotive manufacturer, confirmed a ransomware attack by the Lynx group. Claiming responsibility, Lynx alleges it obtained 350GB of sensitive data, including employee records and financial information. This breach highlights the escalating cyber risks businesses face in Australia. Clutch Industries has since reported the incident to the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) and ramped up its security measures.
Another week, another ransomware gang proving your internal systems are a hacker’s playground. Time to double-check those backups.
Rest of the world
KnowBe4 Stresses Need for Cyber Insurance, 22 January 2025
In its latest report, KnowBe4 underscores the growing need for cyber insurance amid escalating digital threats. Key findings reveal a data breach’s average cost has surged to $4.88 million, and social engineering leads as a primary attack vector. Human error, responsible for 75% of breaches, remains cybersecurity’s Achilles’ heel.
With breach costs soaring and human error running rampant, cyber insurance isn’t just an expense. It’s your lifeboat in a storm of digital illiteracy.
QBE Highlights Limited Asian Coverage, 23 January 2025
QBE Insurance plans to expand cyber insurance offerings across Asia, targeting Singapore and Hong Kong. Increasing digitalization and regulatory demands have driven regional demand, though coverage gaps remain. QBE emphasizes the importance of strong cybersecurity frameworks to qualify for policies.
Offering coverage in Asia? Great. Expect insurers to demand proof your firewall isn’t powered by duct tape and hope.
DUAL Europe Launches Innovative Cyber Insurance Solution, 22 January 2025
DUAL Europe has debuted Cyber Active Protect, a comprehensive product that fuses cyber insurance with proactive prevention services. Features include advanced identity security powered by Silverfort, a robust cybersecurity platform by Cynet Systems, and incident management solutions under DUAL CPR. This innovation is designed to make uninsurable risks insurable.
Singapore’s Cybersecurity Firms Thrive, 21 January 2025
Singapore’s cybersecurity and insurance sector is booming, driven by rising demand for AI-powered solutions in finance and cloud security. The region’s strategic importance continues to fuel growth for innovative firms.
Who says cybersecurity can’t be sexy? Singapore’s firms are out here proving it’s a thriving business—and maybe the next global hotspot.
Cyber Insurance Bolsters Ransomware Resilience, 20 January 2025
A study by the University of Michigan and Harvard University shows cyber insurance is improving ransomware resilience. Insurers now encourage strong security measures rather than ransom payments, driving better practices industry-wide.
Who knew an insurance policy could double as a digital drill sergeant? Resilience never looked so profitable.
Businesses and governments face a rapidly evolving cybersecurity landscape that demands a proactive, collaborative approach. From adopting zero-trust principles to prioritising regular vulnerability management, organisations must fortify their defences while leveraging tools like cyber insurance to mitigate financial risks. Success will hinge on fostering partnerships across sectors, ensuring preparedness against sophisticated attacks, and advancing cyber resilience before threats become crises.