Zero-Click Exploits, Smart Labels, and Evolving Risk Models

Feb 3, 2025 | Terms & Breaches

Welcome to Terms & Breaches #005, where the cyber landscape is evolving faster than regulators can draft policies, and businesses are left scrambling to keep up. AI-powered phishing attacks and deepfake scams are more convincing than ever, while zero-click exploits ensure that even the most cautious users are at risk. Data breaches continue to skyrocket, particularly in vulnerable sectors like healthcare and education, highlighting the urgent need for proactive security measures. Governments are responding with a mix of cyber resilience initiatives and consumer protection strategies, such as smart device labeling schemes.

Meanwhile, cyber insurers are shifting their underwriting strategies to focus on Attack Surface Risk Management (ASRM), leveraging real-time security assessments with NDR, EDR, and cloud monitoring tools. With the SME cyber insurance gap still looming and fintechs navigating a growing demand for specialized coverage, the industry is balancing innovation with risk mitigation.

Whether you’re securing networks, rewriting insurance policies, or just trying to stay ahead of the next AI-driven scam, this week’s updates are worth your attention.


📰 Cyber Security

Australia & New Zealand

Australian Government Funds Smart Device Labels, 31 January 2025

The Australian Government is investing $1.7 million in a voluntary security labelling scheme for smart devices. The goal? Give consumers a better idea of how (in)secure their gadgets really are. The reality? Most people will still click “accept all” and hope for the best. The initiative, running for three years, is designed to align Australia with international security standards and push manufacturers toward secure-by-design principles. Read more

University of Notre Dame Confirms Cyber Attack, 30 January 2025

Higher education now comes with a side of cybersecurity crisis: the University of Notre Dame Australia has reported a cyberattack to the Australian Cyber Security Centre, adding to the growing list of education sector breaches. With vast amounts of sensitive student data and research, universities remain prime hacker targets. Read more

Healthcare Sector Gets $6.4M Cybersecurity Boost, 29 January 2025

The Australian government has allocated $6.4 million to CI-ISAC Australia to establish a Health Cyber Sharing Network (HCSN), allowing hospitals and healthcare providers to share cyber threat intelligence. Given the wave of healthcare breaches, this initiative couldn’t come fast enough. Read more

Big Four Banks Adopt ConnectID for Digital Privacy, 28 January 2025

Digital ID, now with 99% less oversharing—because not every app needs your life story. Commonwealth Bank, NAB, ANZ, and Westpac are integrating ConnectID, a system allowing customers to verify their identity online without oversharing personal data. With over 10 million users onboard, this marks a shift toward consumer-controlled privacy and security. Read more

Experts Push for Stronger Cyber Defence and Data Control in ANZ, 28 January 2025

A new survey reveals that 70% of Australians feel powerless over how companies share their personal data, and many corporate boards lack a solid understanding of data governance challenges. Experts argue that data privacy strategies should focus on giving individuals more control over their information rather than just ticking compliance boxes. With the healthcare sector also a major target for cybercriminals, encryption and real-time monitoring are becoming critical defences. Read more

Rest of the world

Don’t Sacrifice Safety for Speed: AI-Savvy Cybercriminals Are Winning, 02 February 2025

AI is out here writing better phishing emails than your marketing team writes newsletters. Cisco warns that AI is making cyber threats faster, smarter, and harder to detect. Phishing emails now come with perfect grammar, deepfake scams are more convincing than your last Tinder date, and zero-click exploits mean users don’t even have to make a mistake to get compromised. Cisco urges enterprises to strengthen AI security, monitor network activity, and educate employees—because the biggest cybersecurity risk is still human error. Read more

More ChatGPT Jailbreaks Are Evading Safeguards, 01 February 2025

Researchers have found new ways to bypass ChatGPT’s safety measures, enabling it to provide guidance on malware creation and other restricted topics. The “Time Bandit” jailbreak exploits AI’s inability to reason across timelines, tricking it into revealing sensitive details. These vulnerabilities raise serious concerns about AI-powered phishing, misinformation, and privacy risks. Read more

Gmail Security Warning For 2.5 Billion Users—AI Hack Confirmed, 01 February 2025

A sophisticated AI-driven attack is targeting Gmail users, with hackers impersonating Google support technicians via phone calls and follow-up emails from legitimate Google domains. The attack tricks users into resetting passwords, bypassing traditional phishing defenses. Google advises users to verify phone numbers, monitor account activity, and enrol in Google’s Advanced Protection Program. Read more

Meta Confirms WhatsApp Cyberattack—What You Need To Know, 01 February 2025

Meta has confirmed that WhatsApp users were hit with a zero-click spyware attack affecting 90 high-risk individuals, including journalists and activists. The spyware, known as “Graphite,” was developed by Israel-based Paragon Solutions and can access all phone data, including encrypted messages. Meta has issued a cease-and-desist order and is considering legal action. Even hackers know people are too busy doomscrolling to fall for traditional scams. Read more


📰 Cyber Insurance

Australia & New Zealand

Australia: Actuaries Institute President Calls for Cyber Collaboration, 30 January 2025

The Actuaries Institute is urging greater collaboration among actuaries to tackle emerging risks, including cyber threats. As cyber incidents rise, the need for data-driven risk models and improved resilience strategies has never been clearer. When the number-crunchers start panicking about cyber risk, you know it’s getting real. Read more

ASIC Sets 2025 Cybersecurity Priorities, 29 January 2025

The Australian Securities and Investments Commission (ASIC) has laid out its 2025 focus areas, including cracking down on cyber resilience, fraud, and scams. The agency has already taken down over 7,300 phishing and investment scam websites since mid-2023. Cyber crooks better find a new hustle—ASIC’s fraud takedown game is picking up speed. Read more

Gallagher rolls out insurance to safeguard Australian fintechs in crypto space, 28 January 2025

Gallagher’s Crypto-Pro insurance policy is a key development, providing specific coverage for Australian fintechs managing digital assets, and reflects the growing convergence of cybersecurity risks and insurance solutions. This policy addresses the unique cyber vulnerabilities faced by these companies, including the complexities of regulatory compliance and data security. It highlights the need for specialised cyber insurance products tailored to specific sectors and demonstrates a move towards proactive risk management, as opposed to reactive measures, due to increasingly sophisticated cyber threats. The policy launch is also indicative of a broader expansion of the cyber insurance market to cover emerging risks associated with digital assets and the fintech industry, in line with increased regulatory scrutiny and the acknowledgement of cyber vulnerabilities in all types of companies, regardless of size. Read more

Rest of the world

Cyber ILS market taps $750m for expanding insurance, 31 January 2025

The cyber insurance-linked securities (ILS) market is gaining traction, with over $750 million in investments aimed at bolstering coverage options. Experts predict the cyber insurance market will more than double within the next decade. Read more

Cyber Insights 2025: Cyberinsurance – The Debate Continues, 30 January 2025

The cyber insurance market is facing significant challenges in 2025, mainly due to the difficulty of balancing coverage and cost amid a rapidly evolving threat landscape and increasingly complex technology. A market hardening is anticipated in 2025, meaning higher premiums and stricter underwriting. New issues are also emerging: the complexities of AI and data privacy, which introduce legal and risk considerations; risks from third parties and supply chains, which highlight vulnerabilities that require new assessments and coverage; and geopolitical tensions, which blur the lines between criminal and state-sponsored cyberattacks and further complicate war exclusions in policies. Additionally, there is a potential need for government intervention to address systemic risks. In response, the industry must focus on enhanced risk management, data-driven risk analysis, and the adoption of Insurtech, along with specialised insurance products and proactive risk management strategies, to keep pace with increasingly sophisticated threats. Read more

ASRM: A New Pillar for Cyber Insurance Underwriting, 30 January 2025

Attack Surface Risk Management (ASRM) is becoming a key element of cyber insurance underwriting, integrating real-time risk assessments and advanced tools. ASRM uses technologies like Network Detection and Response (NDR), Endpoint Detection and Response (EDR), Cloud Security, and Managed Detection and Response (MDR) services to provide a more accurate view of cyber risks. This proactive approach allows insurers to offer more accurate premiums, reduce claims, and build trust with policyholders. Forget “fill out this security questionnaire”—seems like insurers now want to see your cybersecurity in action. Read more

SMEs consider themselves ‘too small’ to fall victim to cyber-attacks – according to new ABI report, 29 January 2025

A new report from the Association of British Insurers (ABI) indicates that small and medium enterprises (SMEs) are severely exposed to cyber-attacks but are not taking advantage of cyber insurance. “Too small to hack” is the cybersecurity equivalent of “I don’t need insurance because I drive carefully.” Read more


If this week’s headlines prove anything, it’s that cybersecurity is no longer just an IT problem—it’s an everything problem. AI-powered scams are scaling faster than defenses, governments are rushing to regulate an industry that won’t wait for policies to catch up, and cyber insurers are rewriting the rulebook in real time. The balance between innovation and risk is getting harder to manage, and businesses that aren’t adapting are falling behind—fast.

Proactive security is no longer optional, and reactive insurance alone won’t cut it. Cyber resilience isn’t just about buying insurance or patching vulnerabilities after an incident. It’s about anticipating threats before they happen, securing what matters, and having a plan for when things inevitably go wrong. Because in this landscape, it’s not about if—it’s about when.

Stay vigilant. Stay insured. Stay ahead.