20 Apr 2025
ACN’s State of the Industry 2024 report states that “69 per cent of businesses have experienced a ransomware attack” (p. 21 and 27).
This is obviously an error – 1,837,468 Australian businesses were not hit by ransomware in 2024 or ever. Yet, this error is now ironically being repeated:
The Information Age writes “Of the 69 per cent of businesses hit by ransomware in the past five years, the ACN observed a staggering 84 per cent opted to pay the ransom” and “the average ransom payment climb to $1.35 million”, without stopping to consider that this would have cost the Australian economy upwards of 2 trillion dollars without anyone noticing.
Tech Business News writes “69% of businesses hit by ransomware in 2024”, without noticing that this would amount to 5034 ransomware incidents per day.
Marty McCarthy from LinkedIn writes “69% of businesses hit by ransomware last year”.
Jason Murrell writes “69% of Australian businesses hit by ransomware[.] 84% paid… average payment? $1.35M!”
26 Mar 2025
Professionalisation is haunted by spectres: contradictory evidence, uncertain promises, unresolved concerns, lingering doubts, incomplete solutions, false closure, unseen exclusions, and past scandals.
This essay aims to call out these spectres so they can be examined in themselves but more importantly so that their influence on how we’re approaching professionalisation can be properly examined.
We do not summon the spectres, and even if we choose to ignore them, they still exist.
12 Mar 2025
The cybersecurity industry is being overtaken by a push for professionalisation. Its proponents justify this push as a necessary step to better protect the public, businesses, and consumers. But a closer look reveals an ideology that elevates certain values, devalues others, and even excludes some values altogether.
What is the cost of this devaluation, and who pays the price? To answer this, we will look to a case study of the UK’s cybersecurity professionalisation scheme, specifically the UK Cyber Security Council Competence & Commitment (UK CSC SPC). We’ll refer to UK CSC as “the Council,” as that’s how its creators describe themselves.
My end goal is to encourage reflection and questioning throughout the industry. By thinking critically about professionalisation, we can reflect on our ethical responsibilities toward those who are devalued or excluded – and decide whether change is necessary.