
Why privacy is everyone’s business in 2025 - and what you can do about it
Privacy is a critical part of how businesses build trust, operate securely, and stay resilient in a digital-first economy. This year's Privacy Awareness Week theme, "Privacy: It's everyone's business", is a timely reminder that protecting personal data isn't just the domain of IT departments or privacy officers. Every employee, every process, and every business decision has a role to play.
That's especially true for Australia's small and mid-sized businesses. Cyber attackers are increasingly targeting organisations that lack the in-house capability or resources of larger enterprises. Data breaches were the most common form of cyber attack in Australia, accounting for 54 per cent of reported incidents in 2023, compared to the global average of 38 per cent. And with new laws now requiring the disclosure of ransomware payments, directors and business owners are under more pressure than ever to demonstrate that reasonable steps have been taken to prevent or contain privacy breaches.
At Ingram Micro, we work closely with leading local IT service providers, including the team at Precision IT, to proactively defend against evolving cyber threats and build resilient, privacy-conscious environments.
Mark Holden, Technical Operations Lead at Precision IT, explains that the most common vulnerability cyber attackers exploit is human error, and phishing remains one of the most effective methods to trigger ransomware attacks.
"Regular staff training is critical. Without it, employees are more likely to click unsafe links or mishandle sensitive data. A proactive posture, aligned to the Essential Eight, including patching, multi-factor authentication (MFA), and backups, gives businesses the best chance to prevent or contain these kinds of attacks before damage escalates."
This link between phishing and privacy means even a small mistake can escalate into a full-scale privacy breach. These attacks are specifically designed to harvest credentials or trick users into disclosing sensitive information, and once attackers gain access, they often exfiltrate data before launching ransomware.
For this reason, security awareness is now just as important as technical safeguards. Businesses should regularly run phishing simulations, update training, and ensure that staff know how and where to report suspicious activity.
"Being cyber resilient in 2025 is about more than deploying endpoint detection or backing up data," Holden says. "It starts with creating a workplace culture where everyone understands the role they play in keeping systems secure. Phishing simulations and regular training are essential, but so is empowering people to pause, think critically, and report anything suspicious without fear."
According to the Australian Government's Annual Cyber Threat Report 2023-2024, email compromise and credential-based attacks continue to be among the most preventable, yet successful, breach methods. One of the most common is credential stuffing, where attackers take usernames and passwords from previous data leaks and attempt to reuse them on other platforms.
"Credential stuffing is a low-effort, high-reward attack that relies on users reusing the same passwords across multiple sites," Holden explains. "Attackers take credentials leaked in previous data breaches and use automated tools to test them on other platforms. If accounts are not protected with multi-factor authentication, it is only a matter of time before one gets hit."
For most businesses, the risk is not that a password might be exposed – it's that it already has. That's why it's essential to monitor for compromised credentials and enforce the use of MFA wherever possible through a layered approach.
Monitoring for unusual login attempts, especially from unexpected locations or devices, helps detect abuse early. Password managers and regular credential audits are also essential, and visibility into dark web exposures can provide early warning. Precision IT recommends dark web monitoring through Huntress and BreachWatch by Keeper to detect if credentials have already been exposed.
Once a risk is identified, response time matters. That's why every organisation should have clear procedures in place to isolate and remediate threats. Holden's team responds quickly once compromised credentials are detected: password resets, restrictions to trusted devices or locations, and enforcement of conditional access policies.
These best practices align with the Essential Eight strategies from the Australian Signals Directorate's Australian Cyber Security Centre. This framework provides a baseline for technical defences, including timely patching, restricted admin privileges, and secure backups – all of which reduce the risk of data loss or exposure during an incident.
Cyber resilience in 2025 is about much more than surviving an incident – it's about continuing to operate despite the pressure. That resilience starts with visibility: knowing what data you hold, where it's stored, and who has access to it. Without that, it's almost impossible to prevent leaks or respond effectively when one occurs.
Every new employee, software update, or business relationship introduces fresh risks, meaning cyber risk needs to be a standing item at leadership meetings, not only a compliance checkbox.
In 2025, protecting personal information is not a task for someone else. It's not just for IT or a job that can be delayed until after the next growth milestone. Privacy is everyone's business, and the most resilient companies will be the ones that treat it that way from the start.
Disclaimer
Information is current as at 19 June 2025 and is provided in summary form only. All information contained is given in good faith and has been derived from sources believed to be accurate. To the extent that any information contained is sourced from or contains links to any third-party data or websites, Ingram Micro Pty Ltd makes no representation that the information is accurate or complete.