Many SMBs assume cyber uplift only becomes important once a major client, insurer, or contract forces the issue. By the time that happens, the conversation is usually harder than it needs to be. For regional SMBs, especially those supporting larger organisations or operating around critical infrastructure supply chains, the better approach is often to start earlier and start practically. That does not mean launching an enterprise-scale cyber program. It means taking sensible

In my last article, I looked at the growing confusion many Australian businesses are facing when it comes to cyber security standards. There is no shortage of guidance. Between ISO 27001, Essential Eight, the ISM, CIRMP, VPDSS, RACGP guidance, legal sector expectations and SMB1001, most businesses are not struggling because there is nothing available. They are struggling because there is too much to take in, and not enough plain-English advice on where to start. That is where

Over the last 12 months, I have spent a lot of time looking at different cyber security standards, frameworks and sector requirements. The more you look, the more one thing becomes obvious: Australian businesses are not short on guidance. They are drowning in it. There is ISO/IEC 27001 , still one of the best-known information security management system standards. There is the ASD’s Essential Eight and the ASD’s Information Security Manual (ISM) . There is CIRMP for critica