With threat actors increasingly using AI for malicious activity, a swift and equal advancement in government cybersecurity strategies is needed, writes Craig Searle.
Public sector organisations face unprecedented cybersecurity challenges as artificial intelligence reshapes how adversaries launch attacks. Threat actors now use AI to execute large-scale, highly personalised phishing campaigns, automate the discovery of vulnerabilities, and evade detection faster than traditional defences can respond. These developments demand an equally rapid evolution in government cybersecurity strategies, particularly as critical infrastructure and sensitive citizen data remain prime targets.
Australian Government agencies continue to report an alarming volume of cyber incidents, with malicious activity now the primary driver of breaches. Businesses and government agencies reported 1,113 data breaches to the Office of the Australian Information Commissioner in 2024, a 25 per cent increase from 2023 and the highest annual total since mandatory reporting began in 2018.
However, these figures do not reflect the full scope of the threat, as key public sector entities, including federal political parties and members of parliament, remain exempt from reporting obligations. This uneven application of standards across jurisdictions creates critical blind spots in government security postures that are increasingly exploited by state-sponsored actors and ransomware groups.
This regulatory fragmentation undermines national cyber resilience commitments and signals to attackers that some parts of government remain soft targets. Data from the OAIC in 2024 showed that 87 per cent of public sector breaches were identified more than 30 days after the incident, and 78 per cent were reported late. These delays in detection and disclosure heighten the risk of prolonged damage and erode public trust in government’s ability to secure personal data.
Downstream impacts can include compromised services, weakened incident response, and long-term reputational damage when major breaches go unreported or their disclosure is significantly delayed. The lack of a level playing field continues to create confusion and inconsistency in breach management, with some agencies facing financial penalties for non-compliance while others are exempt altogether.
The absence of cohesive rules sends the wrong message to both attackers and the public. For adversaries, it highlights vulnerabilities within the system where oversight is limited. For citizens, it raises questions about which breaches are disclosed, how quickly, and what accountability mechanisms are in place. Public confidence in data governance remains fragile without a consistent national framework, and opportunities to learn from cyber incidents are lost.
Government defences must evolve alongside attackers, especially when AI is being used to identify and exploit technical vulnerabilities at speed. AI facilitates increasingly sophisticated forms of intrusion – from manipulating cloud configurations to mimicking legitimate users. These risks are exacerbated by the persistence of legacy systems across agencies, which offer minimal resistance to modern attack methods and expose entire networks to avoidable compromise.
AI’s role in accelerating and refining attack vectors means that even minor weaknesses in infrastructure or process can be rapidly scaled into major breaches. Public sector systems built on outdated software or lacking in basic identity verification controls are especially vulnerable. Threat actors no longer need weeks or months to gain entry and escalate privileges; they can now do so in near real-time, using AI to bypass traditional safeguards with ease.
State-sponsored attackers and ransomware operators are adapting their playbooks accordingly. These groups have moved beyond simple disruption or data theft and are now leveraging AI to increase the accuracy, impact, and frequency of their campaigns. Probing for inconsistencies in government defences and jurisdictional loopholes lets attackers exploit the very fragmentation that hampers Australia’s coordinated response.
Governments must shift from reactive, compliance-based approaches to proactive cyber readiness as threats evolve. This requires government agencies to assess existing defences through the lens of AI-enhanced threat capabilities. Legacy infrastructure must be modernised, identity verification strengthened, and incident response frameworks re-engineered to accommodate faster, more adaptive attack timelines. Crucially, the public sector must invest in threat intelligence that factors in AI’s role in shaping attack vectors.
Consistency in breach reporting is another foundational step. A unified national framework that establishes consistent consequences for non-compliance would address the current jurisdictional inconsistencies that hinder transparency and responsiveness. Without this, attackers will continue to exploit regulatory gaps, and accountability will remain elusive when data is lost or compromised.
The impact of data breaches goes beyond operational disruption; it damages public confidence in government institutions. Citizens expect their data to be handled responsibly and securely, and it erodes trust when breaches occur and reporting is delayed or inconsistent.
Cybersecurity is no longer just a technical challenge. It must become a core component of public sector service delivery, and the public sector should treat cyber readiness with the same rigour as any CI investment. It is possible for governments to shift the advantage back in their favour by anticipating how AI may be used offensively and building systems resilient to its speed and scale.
The gap between attacker capability and public sector defence will only widen without immediate, coordinated action. AI is rewriting the rules of engagement in cyber warfare, and to keep pace, governments must rewrite the rules of accountability, coordination, and capability development before the next breach becomes a national crisis.
Craig Searle, director, consulting and professional services (Pacific) and global leader of cyber advisory, Trustwave