Australian businesses are placing cybersecurity at the forefront of their risk management priorities, according to the latest findings from Aon plc’s 2025 Global Risk Management Survey.
The survey – which canvassed nearly 3,000 risk leaders and executives in 63 countries, including Australia and New Zealand – identifies “cyberattacks and data breaches” as the most significant risk facing Australian businesses. This mirrors the global landscape, where digital threats continue to escalate in frequency and complexity.
Australian organisations encountered a substantial number of cyber incidents in August 2025, according to figures released by WatchGuard Technologies.
The company’s recent analysis revealed that a total of 5,383 malware events were detected across the country during the month, equating to an average of 179 incidents each day. Network-based attacks were even more frequent, with 65,074 attempts identified and blocked, averaging approximately 2,169 per day.
Amid these incidents, Australian businesses are continuing to experience significant levels of cybersecurity fatigue, according to joint research from Sophos and Tech Research Asia. The fifth annual “Future of Cybersecurity in Asia Pacific and Japan” report found that 78% of Australian organisations surveyed are struggling with ongoing burnout among cybersecurity teams.
The research attributes this trend to several factors, including an increase in cyber threat activity, limited staffing and resources, and the growing complexity of regulatory compliance requirements.
Aon’s report revealed that 93% of Australian respondents indicated they have formal processes in place to regularly review their cyber risk posture.
“Cyber threats are no longer confined to data breaches – they have evolved into systemic business risks that can disrupt operations, supply chains, and reputations. Quantifying cyber exposure through analytics gives organisations the visibility to prioritise investments, reduce loss potential, and strengthen resilience at an enterprise level,” said Adam Peckman, Aon’s global head of cyber risk consulting and APAC Cyber Solutions leader.
The survey highlights that regulatory and legislative changes continue to present ongoing challenges for Australian businesses.
This risk has remained among the top concerns for over 20 years, reflecting the complexities of operating in sectors subject to frequent regulatory updates and increased scrutiny, such as financial services and technology.
Workforce issues are also prominent in the Australian context. “Failure to attract or retain top talent” and “workforce shortage” are listed as sixth and ninth, respectively, in the top 10 risks for 2025.
These concerns have become less prominent globally but remain critical locally, particularly in industries like healthcare, infrastructure, and advanced manufacturing.
“Australia’s tight labour market and ageing workforce are creating long-term skills gaps across key industries. Businesses are now viewing workforce resilience as a core component of enterprise risk management, linking talent attraction and retention strategies to performance and continuity outcomes,” said Simon Kennedy, managing director for Human Capital, Pacific, at Aon.
For the first time, “weather and natural disasters” entered the Australian top 10 risk list, ranking eighth.
The survey reports that 79% of Australian businesses experienced losses from weather-related incidents, the highest proportion for any risk in the local results.
The Insurance Council of Australia (ICA) reports that payouts for natural disaster claims have risen sharply over the past five years, reaching $22.5 billion. This figure marks a 67% jump compared to the total paid out in the previous five-year span.
Other risks identified in the top 10 include economic slowdown, business interruption, cash flow and liquidity challenges, and supply chain disruptions.
These risks reflect the interconnected nature of operational, financial, and environmental pressures in the business environment.
Unlike the global results, geopolitical volatility did not feature in Australia’s top 10 risks. Instead, the local risk profile is shaped by a combination of digital, regulatory, and workforce factors.
“Australian organisations are redefining resilience as they face converging risks – from cyber threats and regulatory uncertainty to workforce and climate challenges. The survey shows a shift towards more integrated risk management, linking resilience planning with strategy, workforce, and capital decisions,” said Kevan Johnston, CEO of Australia for Aon.
Looking ahead to 2028, the survey forecasts that cyber threats, regulatory change, economic slowdown, workforce shortages, and a tie between liquidity risk and increased competition will be the most significant risks for Australian businesses.
