In this Meet the Expert, Simon reflects on a two-decade career in IT and incident response, and shares insights into the importance of cyber resilience and how businesses can stay ahead in an era of AI-driven attacks.
What drew you to cyber security, and why did you join CFC?
What drew me to cyber security was the chance to make a genuine difference when businesses are facing one of their most challenging moments. When an organization is hit by a cyber attack, you're often dealing with people who are under immense pressure and facing significant disruption. Being able to guide them through that, help them get back on their feet and ultimately come out stronger is incredibly rewarding.
That's what attracted me to CFC in 2021. We don't just support large enterprises – we help businesses of every size, from small businesses right through to large organizations. Seeing the difference we make for customers, whether it's helping stop an attack in its tracks or supporting them through recovery, is what makes the role so fulfilling. A great example is Pioneer Search, where our UK incident response team helped contain an SMS impersonation attack before it could cause significant damage. The positive feedback they shared afterwards reinforced why I love this work – it's not just about responding to cyber threats, it's about helping businesses and people’s livelihoods stay operational and protect their reputation.
What cyber trends are you seeing across Australia and the wider APAC region?
Identity-based attacks are one of the biggest trends we're seeing. While ransomware remains a concern, many incidents now involve attackers exploiting stolen credentials, impersonating trusted individuals or using compromised accounts to commit fraud.
Major data breaches have provided cybercriminals with a wealth of personal and business information, making scams far more convincing. Business email compromise, payment redirection fraud and impersonation attacks are increasingly common across the region. As a result, businesses need to focus not only on protecting systems, but also on protecting identities and understanding what information attackers can see and use from the outside.
The next wave of cyber attacks will target trust. As AI makes impersonation easier, businesses need to focus as much on identity security as they do on technology.
What's one thing you'd like brokers to know about cyber risk?
One of the biggest lessons I've learned is that responding to cyber incidents effectively depends on preparation and speed.
Picture arriving at work on Monday morning and discovering your systems are locked, emails aren't working and your team can't access critical files. That’s the worst time to be asking, "What do we do now?" Instead, it’s vital to have an incident response plan in place – starting with who you call when things go wrong.
In a cyber incident, every minute truly matters. Imagine you had immediate access to experienced responders, able to step in within 15 minutes – helping to contain the threat and give your clients the best possible chance at recovery. For CFC cyber policyholders, expert support is always close at hand, whether through our Response app or a direct call to our incident response team.
Another important point is the misconception that cyber incidents are mainly a problem for large organizations. In reality, we see attacks affecting businesses of every size. Whether you're a small business or a large enterprise, having access to the right expertise quickly can make a huge difference to the outcome.
What does proactive cyber attack prevention look like in practice, and why is it so critical?
Proactive prevention starts with understanding where you're exposed. For many small businesses, that can be difficult to assess on their own, which is why tools like our Cyber Threat Reviews are so valuable. They help identify vulnerabilities, threats and weaknesses that could lead to cyber event – building a clear picture of cyber risk that’s quick and easy to understand.
Continuous monitoring is equally important because cyber risks don't stand still. The earlier you spot an issue, the greater the chance of fixing it before it leads to an incident.
We've seen the value of this approach time and again. During vulnerabilities such as React2Shell, organizations that quickly understood their exposure were able to act faster and reduce their risk.
Investing in a cyber policy that identifies and works to reduce risk before incidents occur can significantly limit disruption, cost and potential claims.
What are your passions outside work?
Outside work, you'll usually find me with my family, either in the surf or out camping somewhere. After more than 25 years in Australia, I'm also thrilled to announce that I have just become an Australian citizen – a milestone I'm incredibly proud of.
I enjoy pushing myself physically too. I've completed several Kokoda Challenge events, including the 96-kilometre trek, and this year I’m heading to New Zealand to take on another peak – this time in mid-winter!
To learn more about CFC’s proactive cyber attack prevention services, incident response, and market-leading cyber cover, explore our Cyber Hub or speak to the team.