Cyberattacks target Australian defence contractors and supply chain

Expert warns non-sensitive data may still hold strategic value

By Roxanne Libatique

A recent wave of cyberattacks on companies connected to Australia’s defence sector has brought renewed attention to the risks facing supply chains and the insurance implications for organisations handling sensitive and operational data.

Multiple breaches highlight supply chain exposure

ABC has reported that over the past week, cybercriminal groups have claimed responsibility for breaches affecting firms involved in major Australian defence projects. One group, Cyber Toufan, published details and images related to the Australian Defence Force’s (ADF) Redback infantry fighting vehicle, a project in which Israeli defence company Elbit Systems is a key supplier. The group claimed to have accessed these materials after breaching several Israeli defence contractors.

In a separate incident, the J Group ransomware gang stated that it had gained access to the systems of IKAD Engineering, a company engaged in naval contracts such as the Hunter Class frigate and Collins Class submarine programs. The hackers alleged that they maintained access for five months, describing their activity as a “staycation in the defence supply chain.”

IKAD Engineering CEO Gerard Dyson confirmed the breach, saying that an “external third party” had accessed a portion of its IT systems. Dyson said that so far, only “non-sensitive project information” and some employee files were affected, and that IKAD does not have direct links to ADF systems.

Non-sensitive data can present strategic risks

A cybersecurity professional has cautioned that even data not deemed sensitive can hold strategic value. Jamieson O’Reilly, founder of security firm Dvuln, told ABC: “Smaller engineering firms often provide specialised services and hold sensitive operational context even if they do not handle classified technical data.”

O’Reilly’s review of the breach found that the exposed data included thousands of emails, scanned identity documents, and a significant amount of HR and process documentation. He noted that about 70 filenames referenced submarine programs, often in the context of tenders or project correspondence. He added: “When an adversary compromises a supplier, they gain access to the language, patterns, and relationships that connect organisations across the supply chain. This information can be used to build credible approaches to higher-tier targets. This is why contextual data, even when not formally classified, has strategic value.”

Attack methods and sector response

According to statements from the J Group, the attackers initially exploited a vulnerability in an outdated VPN application, allowing them to move laterally within IKAD’s systems and exfiltrate approximately 800 GB of data. Rahat Masood, a senior lecturer at UNSW, described the attackers’ actions as “data exfiltration,” explaining that the goal is to move data off the network and then encrypt it, often erasing logs to obscure their presence.

Elbit Systems, which supplies components for the Redback vehicle, told ABC that a “contractor for mechanical parts” was targeted, but that “no classified security materials have been compromised.” The company denied any breach of its own networks and stated that it is conducting an internal investigation.

IKAD Engineering reported the incident to the Australian Cyber Security Centre (ACSC), the Australian Federal Police, and the Defence Industry Security Program. The Australian Submarine Corporation clarified that IKAD is not a supplier and has not received technical or sensitive data.

Broader cyber risk trends and insurance sector outlook

The recent cyberattacks on defence industry contractors come amid a sustained high level of data breaches across Australia. Data from the Office of the Australian Information Commissioner (OAIC) shows that in the first half of 2025 (H1 2025), there were 532 data breach notifications, with 59% attributed to malicious or criminal attacks. The finance sector reported the second-highest number of breaches after health, and incidents caused by human error rose to 37% of all notifications.

For insurance professionals, these developments highlight the need for comprehensive cyber risk management and tailored insurance solutions that address both direct and third-party exposures. The incidents underscore that even organisations with robust defences remain vulnerable, and that supply chain risks are an increasingly important consideration in underwriting and risk assessment.
