
Australian businesses are being urged to rethink their approach to cyber security after the Five Eyes cyber security agencies issued a rare joint warning that artificial intelligence is accelerating cyber threats and shortening the window for organisations to respond.
I confess to being an absolute fan of spy stories. I can re-watch Slow Horses or The Americans any day of the week, and I think Ben Macintyre’s The Spy and the Traitor is the best management book out there. So, when the Five Eyes issued a joint statement on cyber security and AI, it got my attention.
The Five Eyes is an intelligence-sharing partnership between Australia, Canada, New Zealand, the United Kingdom and the United States. Established in the aftermath of the Second World War, it has evolved into one of the world's closest and most enduring security alliances, enabling member nations to collaborate on intelligence, national security, cyber threats and emerging technologies.
In recent years, the partnership's cyber security agencies have increasingly issued joint public guidance on issues ranging from ransomware and critical infrastructure protection to supply chain security and state-sponsored cyber activity. Their collective assessments carry significant weight because they draw on the combined expertise and threat intelligence of five advanced cyber security agencies operating across multiple regions and sectors. These agencies are in daily hand-to-hand combat with state and non-state actors attempting to breach our nation’s cyber defences.
That is why the latest joint statement from the Five Eyes cyber security agencies deserves close attention from Australian businesses. The agencies are warning advances in artificial intelligence are rapidly reshaping the cyber threat landscape and compressing the timeframe organisations have to respond. Their message is clear: cyber security can no longer be treated as a purely technical issue delegated to the IT department. It is now a core business and leadership responsibility.
The statement warns that advances in artificial intelligence are rapidly reshaping the cyber threat landscape, and organisations may have only months, not years, to adapt. While AI will strengthen cyber defence over time, it is already making cyber-attacks faster, more sophisticated and easier to execute.
According to the Five Eyes agencies, frontier AI models are expected to fundamentally transform offensive and defensive cyber capabilities in the near term. AI is lowering barriers for malicious actors, increasing the scale and speed of attacks and shrinking the time between the discovery of a vulnerability and its exploitation.
For business leaders, this means cyber security can no longer be treated as a future challenge. The risk is already here, and the pace of change is accelerating.
At the same time, AI offers significant opportunities to strengthen cyber defences. The challenge for organisations is ensuring they have the foundations in place to use these tools effectively while maintaining resilience against increasingly capable threats.
One of the most important messages in the statement is that cyber risk is not solely a technical issue.
The Five Eyes agencies argue that cyber resilience should be viewed as a core business risk, alongside financial, operational and strategic risks. Boards and executives must be confident that their cyber controls will perform under pressure during a real-world incident, rather than simply existing on paper.
In an environment where AI-enabled attacks can emerge and evolve rapidly, leaders are being urged to take an active role in understanding cyber risk, ensuring accountability and providing cyber teams with the authority and resources needed to respond effectively.
The Five Eyes statement highlights four priorities for organisations:
Notably, the agencies stress that success will come from “getting the basics right”. Strong cyber hygiene, defence-in-depth strategies, secure-by-design principles and disciplined risk management remain essential, even as AI transforms the threat landscape.
For Australian businesses, the statement reinforces a broader trend: cyber security is becoming a critical element of competitiveness, resilience and governance.
As organisations adopt AI across operations, supply chains and customer-facing services, they must also account for the new risks AI introduces. That includes reassessing exposure to cyber threats, strengthening resilience planning and ensuring executives and boards have visibility over evolving risk profiles.
The warning also comes at a time when regulators, investors and customers increasingly expect organisations to demonstrate strong cyber governance and preparedness. The consequences of a significant cyber incident now extend beyond operational disruption to include reputational damage, financial loss and regulatory scrutiny.
The Five Eyes agencies are clear: AI is changing cyber security faster than many organisations expect. The question for business leaders is no longer whether AI will affect cyber risk but whether their organisation is prepared for the changes already underway.
For Australian industry, the message is straightforward: treat cyber resilience as a strategic business capability, invest in the fundamentals and ensure leadership remains actively engaged. Organisations that move early will be better placed to capture the benefits of AI while managing the risks that come with it. Those that delay may find the threat landscape has changed before they have a chance to catch up.
Cyber attacks are a real and growing threat, and waiting to respond until after an incident occurs can be costly and damaging.
Australian Industry Group's cyber consulting and training services can help you dramatically reduce the risk to your busines. A small investment now, in targeted training or expert consulting, can save you time, money and stress down the line. Find out more here.

Louise McGrath is Head of Industry Development and Policy at Australian Industry Group. She provides strategic leadership and guidance for our policy agenda in building competitive industries through global integration, infrastructure development and innovation. She ensures members have a voice at all levels of government and represents and promotes their interests on current and emerging issues. Louise represents Australia in several multilateral forums, such as the B20 Taskforces, Global Business Coalition and the East Asia Business Council working group on RCEP. She advocates for members during free trade negotiations and translates those agreements to support members' strategic aims. Louise is a board member of Standards Australia and the National Reference Group of The Australian Consortium for ‘In-Country’ Indonesian Studies (ACICIS). She also represents Australian Industry Group on the International Trade Remedies Forum, National Committee for Trade Facilitation, the Net Zero Authority Stakeholder Group and the Modern Slavery Expert Advisory Group.