Welcome to this week’s Terms & Breaches. In the last week, ACSC warned of impersonation scams, Australia logged 47 million data breaches in 2024, and a federal ban on Chinese AI chatbots has been issued over national security concerns. Meanwhile, zero trust architectures are gaining traction, and health devices with Chinese-linked backdoors are raising fresh alarms.
Globally, AI-driven cyber disputes are causing legal headaches in Hong Kong and Singapore, Five Eyes is tightening security guidance for network edge devices, and Singapore’s Flexxon is embedding AI directly into cybersecurity hardware. Even the Super Bowl got a cybersecurity ad featuring a goat—because nothing says mass adoption like a 30-second prime-time spot. Meanwhile, Elon Musk’s DOGE initiative is making security professionals nervous, as government data integrity gets tested by unauthorized tech bro “oversight.”
On the cyber insurance front, AI-related liability risks are pushing regulators to rethink policy frameworks, and ransomware case studies are proving just how essential insurance-backed response teams have become. But it’s not all silver linings—59% of breaches in the insurance sector are still caused by third-party security failures, prompting a renewed focus on supply chain resilience. And in the UK, a new Cyber Monitoring Centre is introducing a “digital Richter scale” to quantify cyberattack severity and improve risk assessments.
📰 Cyber Security
Australia & New Zealand
🚨 Email scammers impersonating the ASD's ACSC, 3 February 2025 🚨
Cybercriminals are impersonating the Australian Signals Directorate‘s Australian Cyber Security Centre (ACSC) through emails and phone calls, attempting to steal personal data or install malware. The ACSC has issued a warning: if you receive an email offering antivirus software, asking for cryptocurrency, or threatening you into compliance—it’s a scam, not a government agency. Read more
Australia records 47 million data breaches in 2024 – one every second, 7 February 2025
Australia ranked 11th globally for data breaches last year, with one account compromised every second. Worldwide, 5.6 billion accounts were exposed, including a major DemandScience breach and a cybercrime forum leak of millions of email addresses. Given the sheer scale of incidents, it’s no wonder Australians are questioning who—if anyone—is in control of their data. Read more
Zero trust cybersecurity strategy gains momentum, 6 February 2025
The Australian Government is going all-in on Zero Trust Architecture—which, in plain terms, means “trust no one, verify everything.” The strategy requires strict identity verification, continuous validation, and minimal access privileges. It’s a way of saying “clicking on a sketchy link could have consequences beyond embarrassing Google searches.” Read more
Sydney Metro’s Cyber Security playbook: Closed networks and no shortcuts, 6 February 2025
Sydney Metro is tackling cyber threats head-on with closed-network systems, continuous risk assessments, and adherence to international security standards. Given that automation is expanding attack surfaces, their security-by-design model should be the bare minimum for critical infrastructure—but at least they’re not leaving the digital doors wide open. Read more
China-based backdoor found in health devices, 6 February 2025
Medical devices from Contec CMS8000 are transmitting patient data and remote access requests to a China-based IP address, raising serious national security and patient safety concerns. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has advised removing these devices from networks immediately, unless you enjoy the idea of patient vitals being rerouted through a foreign server. Read more
Chinese AI chatbot DeepSeek banned from government devices, 4 February 2025
DeepSeek, an AI chatbot developed in China, has been banned from Australian federal devices due to national security risks. Turns out, giving an AI chatbot root access to government machines wasn’t the cybersecurity breakthrough some had hoped for. Read more
Rest of the world
Cyber Security tops legal dispute risks in Hong Kong & Singapore, 7 February 2025
A Baker McKenzie survey found that cybersecurity and data privacy are now the #1 dispute risks for businesses in Hong Kong and Singapore. AI-driven threats, workforce training gaps, and compliance failures are fueling legal battles, with most businesses expecting higher dispute costs in 2025. The takeaway? If your security fails, your lawyers get busy. Read more
Scapegoat To Cyber GOAT: Cybersecurity hits the Super Bowl, 6 February 2025
Cybersecurity finally made it to the big leagues—literally. Pentera’s “Scapegoat to Cyber GOAT” (that means “Greatest Of All Time”, you uncultured sw- sweethearts) campaign debuted at the Super Bowl, because apparently, the best way to convince companies to take cyber threats seriously is to slip it between beer commercials and half-time performances. The campaign highlights the critical role of cybersecurity professionals, pushing for a proactive security mindset rather than waiting for the next inevitable breach. Featuring interactive elements and an educational push, Pentera is making sure CISOs get the spotlight they deserve—right alongside quarterbacks and overhyped commercials. Read more
Five Eyes drops new guidance on network edge device security, 6 February 2025
The Five Eyes Insider Risk Practitioner Alliance has issued new cybersecurity guidance aimed at device manufacturers—because apparently, the memo that routers, firewalls, and IoT devices are prime hacker targets never quite landed. The advisory outlines best practices for securing network edge devices, expectations for forensic visibility, and the not-so-subtle reminder that attackers love exploiting unpatched firmware and lazy security configurations. Given that edge devices connect directly to external networks, the guidance is less of a recommendation and more of a “please, for the love of security, do this now” directive. Read more
DOGE: Elon Musk’s Cyber Security crisis in real-time, 4 February 2025
Elon Musk’s DOGE initiative (no, not the meme coin) has tech-savvy “hackers” with questionable credentials accessing sensitive government systems. Critics are sounding alarms about compliance breakdowns, data security failures, and a general lack of oversight. Because nothing says national security like rogue engineers with root access. Read more
From flash drives to AI-fortified security: Singapore’s Flexxon goes global, 4 February 2025
Singapore’s FLEXXON has put itself on the global cybersecurity map with X-Phy, an AI-embedded security storage device designed to detect and neutralize threats before they wreak havoc. Think of it as a digital guard dog living inside your hardware—except it never sleeps, never eats, and doesn’t need belly rubs. With 40 patents worldwide and backing from Enterprise Singapore, Flexxon is securing new markets and intellectual property protections to push its security-first storage solutions to the mainstream. The takeaway? AI isn’t just the hacker’s best friend anymore—it’s now on defense, too. Read more
📰 Cyber Insurance
Australia & New Zealand
AI and insurance: Navigating the emerging risk landscape, 6 February 2025
The Australian Government is evaluating AI-related risks, from algorithmic bias to model instability. The Voluntary AI Safety Standard aims to address liability concerns, but businesses may face lawsuits over AI failures, leading insurers to rethink coverage strategies. Read more
How a cyber attack made B&R Enclosures stronger, 6 February 2025
Chris Bridges-Taylor of B&R Enclosures, walked through how a crippling ransomware attack turned into a crash course in cyber resilience. The company learned firsthand that compromised credentials and unpatched software are hacker catnip, and that a cyber incident response plan isn’t just a compliance checkbox—it’s a survival tool. With Australia now requiring businesses over $3 million in revenue to report ransomware attacks to ACSC, companies are being forced to rethink their security postures. Cyber insurance and response teams? Turns out they’re not just “nice to have”—they’re your business continuity plan. Read more
P.S.: MSPs, don’t take on risks you don’t need. Cyber Threat Insure (CTI) helps you strengthen client security—without exposing yourself to liability. Bridge the gap between cyber resilience and insurance without becoming the advisor. Let’s talk: enquiries@cyberthreatinsure.com
AI safety, climate and healthcare reform take center stage, 5 February 2025
The Actuaries Institute has mapped out its top 2025-26 Pre-Budget priorities, and cybersecurity is sitting alongside cost of living relief, climate resilience, and AI safety. The focus? Balancing innovation and risk, ensuring emerging tech doesn’t unleash chaos before regulations catch up. With AI-driven cyber threats rising, the conversation is shifting from “How do we use AI?” to “How do we not let AI break everything?” Read more
Cyber insurance for the cost of a coffee?, 4 February 2025
SMEs are often one ransomware attack away from disaster, yet many remain uninsured due to cost and lack of awareness. Allianz Partners is tackling this gap with allyz Cyber Care, offering affordable cyber protection for individuals and SMEs for as little as $3-$5 a month. Vinay Surana says, “For me, that price point is very important because if it is too expensive, then people will not buy it.” But here’s the thing: most SMEs still don’t think they’re big enough to be targeted—a logic as solid as “I don’t need health insurance because I eat vegetables.” Industry experts are urging insurers, governments, and businesses to bridge the security gap before it turns into a financial sinkhole. Read more
Rest of the world
UK’s new Cyber Monitoring Centre unveils digital Richter scale for cyber attacks, 7 February 2025
The UK’s new Cyber Monitoring Centre (CMC) is introducing a five-tier severity scale for cyber incidents, modeled after earthquake risk assessments. The CMC is an independent nonprofit organization set up by the UK insurance industry to boost trust in the cyber insurance market and improve the nation’s understanding and response to cyber threats. The CMC aims to create a system for describing the seriousness of cyber events, similar to the Richter scale for earthquakes. The goal? Improve market trust in cyber insurance and give insurers a standardized way to assess damage. Read more
SecurityScorecard: 59% of Insurance sector breaches came from third-party risks, 6 February 2025
A new SecurityScorecard report confirms what cyber risk experts have been screaming about for years: third-party vendors are the weakest link. Of the top 150 insurance companies hit by breaches, 59% were due to third-party vulnerabilities, particularly in application security, DNS health, and network security. The lesson here? If your supply chain isn’t secure, neither are you. Recommendations include strengthening third-party risk management, making sure vendors actually have a cybersecurity program, and resisting the urge to pay ransomware demands and hope for the best. Read more
MSPs, the takeaway is clear: security isn’t just about firewalls and endpoint protection—it’s about resilience. That means staying ahead of regulatory changes, ensuring clients have response plans that actually work, and understanding how insurance fits into the bigger picture. Cyber Threat Insure helps MSPs do exactly that—without the liability headaches. Because in cybersecurity, proactive beats reactive every time.