12 June 2026
The Breach Ledger: Education Edition
Seven years of named Australian school incidents, OAIC data, and what Loyola, Waverley, and Belmont tell us about who ransomware groups are targeting — and why.
Read the article →Insights
Straight talk on cyber security, risk, and regulation. No vendor content. No thought leadership for the sake of it. Just the things worth saying.
1 June 2026
The $3 Million Privacy Exemption Is Ending. Most Australian Businesses Are Not Ready.
Approximately 92% of Australian businesses have never had to comply with the Privacy Act. The Tranche 2 reforms will change that. Here’s what it means and where to start.
Read the article →1 June 2026
Your MDM is a loaded gun. Handala just showed you it’s loaded.
Handala wiped up to 200,000 Stryker devices using Microsoft Intune. No zero-day. One compromised admin account. The attack vector is universal — here’s what it means for your organisation.
Read the article →1 June 2026
Privacy is not a policy document. It’s a trust contract.
The December 2024 reforms are live. The OAIC has already run enforcement sweeps. Here’s what the changes actually require from an Australian SME — in plain language.
Read the article →22 May 2026
Most MSPs Are Delivering Half the Job
Most MSPs deliver solid technical support but leave clients exposed. The modern MSP closes the gap — governance, risk management, and compliance, right-sized for SMEs.
Read the article →14 May 2026
Your school has fifty SaaS vendors. The Children's Online Privacy Code is about to make each one your problem.
OAIC's Children's Online Privacy Code is registered 10 December 2026. Independent schools are APP entities. Here's what business managers must do now.
Read the article →5 May 2026
Australian healthcare has led data breaches every single year. Your practice is not the exception.
Healthcare tops Australia's breach charts again. OAIC data shows health led every reporting period since 2018. Here's what the numbers actually mean for private practices.
Read the article →28 April 2026
Your privacy policy just became a legal liability — what changed in December 2024
Australia's Privacy Act changed on 10 December 2024. New fines, new enforcement powers, new legal liability. Here's what your organisation needs to know now.
Read the article →Coming soon
Why your MSP shouldn't be your vCISO
The conflict of interest is real, documented, and surprisingly common. Here's what to look for and what to do about it.
Coming soonComing soon
What the Cyber Security Act 2024 actually requires - and what it doesn't
A plain-English breakdown of mandatory ransomware reporting, critical infrastructure obligations, and what applies to your organisation.
Coming soonComing soon
The Essential Eight in 2025: what actually changed and what it means for your program
The ASD updated the Essential Eight Maturity Model in 2025 — tighter patching windows, phishing-resistant MFA at ML2, and revised application control requirements. What shifted and what it means in practice.
Coming soonComing soon
CPS 234 in plain English: what APRA actually wants to see
APRA's information security prudential standard isn't complicated - but the gap between what regulated entities think it requires and what APRA actually looks for is surprisingly wide.
Coming soonComing soon
AI governance isn't an IT problem. Here's what your board should be asking.
AI adoption is moving faster than governance frameworks. The boards asking the right questions now will be in a materially better position in 12 months.
Coming soonIn the Press
Where it started
The thinking behind Coastal Cyber’s approach to the MSP security and governance gap, as covered in the Australian channel press at launch.
Get notified when articles are published.
Follow Coastal Cyber on LinkedIn for new insights as they're released.
Follow on LinkedIn