
Cyber Security: A Business-wide Priority or a Business-wide Risk?
Cyber security has never been more critical for Australian businesses. As cyber threats grow in complexity and scale, the perception of cyber security must shift from being an isolated IT concern to a whole-of-business responsibility. Jacob Bywater, Director of e2 Cyber, recently sat down to share his thoughts on where businesses go wrong, how they can better prepare, and what the future of cyber hiring looks like.
Why Cyber Security is Everyone's Problem
"Cyber security is a business-wide problem in the sense that everyone plays a part," says Jacob. "No matter what your role is, you're contributing to either the resilience or the risk of your organisation."
This sentiment reflects a growing consensus in the industry. While security tools and technologies are crucial, most breaches are still caused by human factors. According to the Australian Cyber Security Centre (ACSC), phishing remains one of the most common cybercrime threats affecting Australian businesses.
"If we're not taking our people along on the security journey, then we're missing a critical factor."
Education and awareness are not optional. Businesses that embed security behaviours into everyday practice are more resilient than those that rely solely on technical solutions.
Starting Small: Practical Security for SMEs
Small businesses often lack the resources for full-time security teams, but Jacob is quick to point out that good security doesn't have to be expensive.
"There's a lot of free and easily available resources to guide people on basic security principles," he says. "And there are specialists out there who offer short-term engagements or consulting packages tailored for small to medium businesses."
For example, the ACSC's Small Business Cyber Security Guide outlines practical steps that any organisation can take, such as enabling multi-factor authentication (MFA), backing up data regularly, and securing their physical environment.
"If you're not sure where to start, just ask. There will be an answer. You just have to want to go looking for it."
Jacob notes that e2 Cyber is regularly approached by businesses looking to understand how to make the first move. Sometimes a single, short-form consultation can make a big impact, helping teams identify vulnerabilities and improve their security posture without draining the budget.
Scaling Securely: Leadership is Key
As businesses grow, the complexity of their technology and processes increases. But that doesn't mean security has to become unmanageable.
"Scalable security isn't as complex as people think," Jacob explains. "It comes back to basic principles and leadership."
Leadership must make cyber security a priority from the top down. It is not just about compliance, but about embedding a mindset of security-first across every level of the organisation.
"Things like MFA, physical access control, and staff education go a long way. Yet so many businesses overlook these steps because they're not seen as urgent."
The ASD Essential Eight is a well-known framework in Australia, offering guidance on prioritising risk reduction strategies. Jacob urges businesses to take these seriously, particularly when they begin to scale.
The Role of Recruitment in Building Resilience
While e2 Cyber is not a technical security consultancy, Jacob is clear about the unique value cyber recruitment agencies can offer.
"We solve the problem differently. We're not configuring firewalls, but we do help put the right people in the right environments."
Some security professionals thrive in large, structured organisations. Others are best suited to fast-paced SMEs. Matching the right personality and experience to the right context is what sets specialist cyber recruiters apart.
"We also make connections with no strings attached. We're invested in the long-term success of the community, not just in making a placement."
This community-first attitude is essential in a sector where collaboration often matters more than competition.
What Hiring Structures Are Working
According to Jacob, the current economy has shifted how companies approach cyber security hiring.
"We're seeing a lot more outcome-based, short-term engagements," he explains. "Instead of locking someone in for twelve months, businesses are bringing in deep specialists for focused projects."
This aligns with broader trends. Cyber security is increasingly viewed as an operational cost, not a project expense. Regulatory frameworks like the Security of Critical Infrastructure (SOCI) Act now require ongoing compliance, making cyber security a continuous obligation rather than a one-off project.
"We are also seeing an evolution from project work into long-term operational capability, particularly in government and large enterprise."
Where Larger Organisations Go Wrong
Even well-funded organisations fall into traps. One of the most common mistakes Jacob sees is a mismatch between perceived and actual needs.
"What is needed and what is budgeted for are often two different things. And if an organisation hasn't suffered a breach, it's harder to justify the investment."
This disconnect often stems from leadership's failure to fully grasp the impact of a potential cyber event. The ACSC’s Annual Cyber Threat Report 2023–24 states that the average cost of a cybercrime for a small business is tens of thousands. For medium businesses, it climbs even higher.
"A lot of businesses don’t act until they’ve been hit. But that’s like waiting until after a car accident to install airbags."
Defining a Strategic Cyber Function
When asked what a strategic cyber function looks like, Jacob draws on his own business experience.
"You have to start by admitting what you don’t know. Then engage the right experts to help you get there."
This approach means investing time, money, and energy into building a culture of security. He recommends starting with the basics from trusted sources like the ACSC or ASD, and then layering more advanced support as needed.
"Sometimes that means embedding a full-time person. Sometimes it means using a third-party partner. It depends on the context."
Navigating the Talent Shortage
The talent shortage in cyber is well known. However, Jacob says that more applicants are not always the solution.
"There's definitely a lot more people applying for cyber roles, but more applicants doesn't always mean better outcomes."
He warns that hiring the wrong person can be more costly than spending more upfront to find the right one. Using a specialist recruiter alongside internal hiring processes ensures a broader and more qualified candidate pool.
"You need to properly assess where your gaps are, then find the right capability to fill them. That could be technical, policy-driven, or operational."
Jacob also notes that hiring strategies must adapt to the context of each organisation. What works for one company may not work for another, especially when budgets and maturity levels vary.
How COVID Changed the Game
"COVID changed everything," Jacob reflects. "Remote work is here to stay, and it brought with it a new set of security concerns."
From unsecured home networks to shared devices and sensitive data access, flexible working has introduced more complexity into cyber security management.
"People overlook things like who has access to a home laptop. Are they running updates? Are they logging off each day? These little things matter."
He advocates for ongoing staff education, regular security training, and practical check-ins to ensure secure practices are maintained across hybrid workforces.
The Importance of Cross-Functional Collaboration
Cyber security is no longer siloed within IT departments. It requires collaboration across HR, operations, legal, finance, and leadership.
"We all have something to learn from each other. Culture is built through collaboration. If you’re not talking about security in every team, you’re missing the point."
He gives the example of simple questions becoming part of office culture.
"Did you log off? Who locked the door? Are we sharing that document securely? These questions start to change behaviours."
More engaging training options are also helping shift attitudes. Gone are the days of dull PowerPoint presentations. Specialist providers now offer interactive sessions tailored for all kinds of teams, from frontline workers to executives.
The Three Steps Every Business Should Take This Year
To wrap up the conversation, Jacob offers three practical actions any business can take today to move toward cyber maturity:
- Change your mindset - Assume a breach is possible. Stop thinking it won't happen to you.
- Solve the basics - Enable MFA, run your updates, log off daily, and secure your physical premises.
- Get a cyber check-up - Bring in a trusted expert for a short assessment. This could be a cyber consultant, a managed provider, or a trusted cyber recruiter who can connect you to the right person.
"Like going to the doctor for a check-up, you don’t need to be sick to get a health assessment. A cyber health check might cost a few hundred dollars, but it could save you tens of thousands."
According to the latest ACSC report, more than 87,400 cybercrime reports were filed in 2023–24, with email fraud accounting for 20% of cybercrimes hitting businesses. Small and medium businesses remain among the most frequent targets as these crimes become ever more sophisticated and harder to detect.
Final Thoughts
Cyber security is no longer a luxury, nor is it something that can be left to “one day”. It is a necessity that affects every employee, customer, and stakeholder in your organisation, and it is happening right now. As Jacob Bywater makes clear, a proactive, strategic approach to hiring, training, and leadership can help your business stay ahead of the curve.
"Don’t wait until you’re a headline. Build your defences now, start with the basics, and ask for help when you need it. We’re all in this together."
For more insights or help finding the right cyber talent, get in touch with e2 Cyber today.