Meet our CISO Collin Penman
Datacom's Chief Information Security Officer on what's top of mind when it comes to cybersecurity and the one thing an organisation can do to improve its security posture right now.
AI-based cyber-attacks are ranked as the number one concern for security leaders, yet employee awareness of AI risks and cybersecurity policies remains low. At the same time only 29% of employees believe cybersecurity is a top priority with everyone actively involved.
As cyber criminals adopt AI to automate and scale up cyber-attacks, IT leaders report that cyber burnout amongst their teams continues to grow. Collin Penman, Group Chief Information Security Officer at Datacom, says the disconnect between the perception of AI and cybersecurity readiness among security leaders and employees poses significant risk.
“The findings highlight the need to get employees and leaders on the same page to adequately identify cyber threats and enable the safe and responsibly adoption of AI. And we still have work to do to harness AI as a cybersecurity tool which could take more of the load off cybersecurity teams.
“AI is changing the nature of cybersecurity and helping to combat the threats AI-based cyber-attacks pose. However, AI-augmented cybersecurity had the lowest maturity rating when it came to technologies employed in cyber defences.”
Cyber burnout is weakening defences. Almost three in five Australian security leaders (58%) report cyber fatigue within their security or IT teams, meaning employees are stressed or constantly under pressure.
“There is a real risk that businesses are operating with a false sense of security. Leaders believe their teams are ready to tackle threats, but this disconnect is leaving businesses exposed. Cybersecurity is only as strong as the organisation's weakest link, and if employees don’t have the right training or awareness, security strategies won’t hold up when they’re most needed.”
AI adoption and confidence are growing rapidly across Australian businesses. According to the 2025 Tech Leaders Survey, conducted by the Technology Council of Australia and Datacom, 67% of senior tech leaders rated AI as the number one trend this year.
Cybersecurity, which at 11%, was the second biggest trend for 2024, continues in that position in 2025, increasing to 17%.
However, as AI adoption increases, many businesses still lack clear governance frameworks to ensure security keeps pace with innovation. The State of Cybersecurity Index found that four in ten employees are using AI tools like ChatGPT and Copilot, but fewer than one in four have read their organisation’s AI security policies. Meanwhile, six in ten employees are unsure whether their organisation has safeguards in place.
Datacom Australia Managing Director Laura Malcolm says the results of the Tech Leaders Survey earlier this year identified Australia's macroeconomic productivity as one of the major concerns for industry leaders.
“To address those productivity issues, Australian organisations need to be taking advantage of AI-driven efficiencies, but our cybersecurity research shows they also need to be harnessing AI to bolster their security practices, and they must establish business resilience planning, so they have a clear path to recovery after an attack."
Penman says, “AI is proving to be a transformative force for businesses. The challenge now is to ensure security and governance keep pace with its adoption.
“Australian businesses are already experiencing a positive impact, and as confidence continues to climb, we expect to see more companies embedding AI into their overall strategy to handle more advanced tasks like complex decision-making and enhancing employee productivity.”
The index also highlights a lack of business continuity planning in the cybersecurity space. Only 38% of security leaders have a business continuity or cyber resilience plan in place in the event of a cyber-attack or incident, and yet nearly all (95%) of security leaders say cybersecurity practices are well aligned to business outcomes.
“With AI adoption accelerating and cyber threats evolving, governance must be embedded into business and security frameworks. Cybersecurity investment supports business continuity, growth, and trust - because preventing a breach is always better than responding to one.”
The State of Cybersecurity Index Australia 2025 research findings are based on a survey of 105 security leaders and 303 employees in Australia. The survey was conducted in November 2024 by Tech Research Asia (TRA).
