Cybersecurity has always been a challenge for organisations, but the rapid rise of artificial intelligence (AI) has added a complex new dimension. Datacom’s State of Cybersecurity Index 2025, based on research conducted by Tech Research Asia (TRA), surveys 700 IT security leaders and employees across New Zealand and Australia. The report reveals a clear picture: AI is transforming both the threat landscape and organisational readiness.
AI: Both a Tool and a Threat
Security leaders identify AI‑driven cyberattacks as the top emerging risk. Advanced phishing and social engineering scams follow closely, demonstrating that human error remains a key vulnerability.
While business leaders are excited about AI’s potential to improve efficiency and insight, the study highlights a disconnect:
IT and security leaders generally believe their teams are AI‑ready.
Employees feel less confident, often underestimating their role in organisational cybersecurity.
This gap increases risk, particularly as AI makes scams more sophisticated.
Cybersecurity Still Seen as “IT’s Job”
Despite widespread awareness campaigns, many employees continue to see cybersecurity as solely the responsibility of IT teams. This mindset places intense pressure on security professionals:
61% of NZ security leaders and 58% of Australian leaders report cyber burnout in their teams.
Employees under constant pressure risk slower response times and fatigue in the face of growing threats.
Datacom’s Chief Information Security Officer, Collin Penman, emphasises that getting everyone “on the same page” is crucial for building resilience.
Recovery and Resilience: A Weak Spot
While 95% of organisations report that their cybersecurity practices align with business outcomes, many lack a robust business continuity or incident recovery plan. In the wake of a major cyber event, this gap could prove costly.
Key Takeaways for the Judiciary and Public Sector
For the justice sector, which handles highly sensitive data, the report’s findings are particularly relevant:
Cybersecurity is an organisation‑wide responsibility – all staff play a role in reducing risk.
AI‑enabled threats are growing – vigilance against phishing and social engineering is critical.
Staff training and awareness can reduce pressure on IT teams and minimise cyber burnout.
Preparedness planning – including tested incident response and recovery plans – is essential for maintaining trust and operational continuity.
As Datacom Managing Director Justin Gray notes, “Cybersecurity needs to be the remit of the entire organisation.” Building a culture of shared responsibility is key to navigating the AI‑enabled threat landscape in 2025 and beyond.