James Henderson

Inside the IoT security challenge… connected yet compromised

From isolated pilots at the business edge to the beating heart of the enterprise engine room, the Internet of Things (IoT) is rapidly assuming centre stage within Australian organisations.

The conversation has shifted beyond siloed smart devices. Today, IoT is deeply embedded into how organisations operate, monitor, optimise and deliver services across critical industries.

“IoT is becoming a great enabler of Australian businesses,” observed Alex Nehmy, Regional CTO of Phosphorus Cybersecurity. “Coupled with AI, the real time data from IoT is delivering timely insights that are making a difference.

“From predictive maintenance in manufacturing to smart warehousing and cold chain storage that helps protect our food supply, IoT is driving efficiencies every day. Another example is the use of autonomous systems in mining and agriculture, helping Australian businesses manage labour shortages and gain critical operational efficiencies.”

Alex Nehmy (Phosphorus Cybersecurity), Roger Millar (Angus Knight Group), Tim Fussell (imei) and Gavin Jones (imei)

For many organisations, IoT is no longer sitting at the edge of transformation strategies, it’s becoming central to how modern businesses operate, compete and scale. Bridging the gap between physical operations and digital intelligence is now a mission-critical priority.

“But at the same time, this transformation is expanding the digital attack surface,” Nehmy cautioned. “This means organisations need much better visibility and security across connected devices, operational technology and other cyber physical systems.”

Executive insights were shared during Blind Spots Break Resilience: Securing Connected Businesses. This Moxie Masterclass – in association with imei, Phosphorus, ASV Platforms and Aryaka – outlined the resilience frameworks that address blind spots head-on, tackled new connectivity challenges and highlighted executive best practice amid network and security convergence.

Securing connected businesses

According to Moxie Research – Security Outlook: Australia 2025 / 2026 – only 54% of Australian organisations believe their current security investments align with evolving risk profiles.

“Security spending has risen sharply but it still falls short of recognising the real risk picture, particularly around identity, supply chain and OT / IoT exposure,” outlined Roger Millar, CIO and CISO of Angus Knight Group. “In the market today, I would say that a lot of boards are confident on paper but fragile in practice.”

Speaking in an individual capacity as an experienced CIO and CISO, Millar cautioned against organisations deploying reactive security strategies – a concerning trend that is playing out in the research numbers.

Based on Moxie Research, only 19% of Australian organisations reassess their cyber security roadmaps through ‘continuous and ongoing updates’.

The remainder reassess them:

  • Regularly, at least quarterly: 25%
  • Occasionally, annually or less: 29%
  • Reactively, only after incidents or mandates: 27%

“I think most businesses tend to revisit cyber roadmaps after a major incident, audit or regulation change, not as an established business process,” Millar noted. “Only a small, mature minority treat them as a living roadmap that is continuously updated.”

In order of severity – and according to Moxie Research – the most pressing challenges when securing connected businesses are:

  1. Limited threat detection and response capabilities
  2. Legacy infrastructure and technical debt
  3. Managing weaknesses at the endpoint
  4. Integration and visibility across complex environments
  5. Scalability and performance issues

“The biggest challenges in securing connected businesses are ever expanding attack surfaces, legacy OT and IoT that were never designed to be online, skilled staff shortages and the daily grind of keeping up with overlapping regulations,” Millar expanded.

“Today, the soft spots in the stack are identity and access (especially compromised credentials), third‑party and supply chain integrations, and those under-managed IoT and OT devices sitting at the edge.”

Roger Millar (Angus Knight Group) at Moxie Masterclass – Blind Spots Break Resilience: Securing Connected Businesses

In response, Millar acknowledged that most organisations “have plenty of tools” to mitigate such weaknesses but they are “stitched together loosely” which creates gaps between SIEM, EDR, cloud and OT monitoring.

“Very few organisations have a truly unified, business‑wide view because of this,” Millar outlined. “Businesses need strong identity controls, high quality granular log data, 24/7 monitoring and automation that can isolate users, devices or segments in minutes rather than hours.”

Addressing the visibility challenge

Every connected sensor, device, camera, industrial controller and unmanaged endpoint introduces another potential entry point into the enterprise. And in many organisations across Australia, connected environments have evolved faster than the security frameworks designed to protect them.

This is creating a growing tension for CIOs and CISOs – how to accelerate innovation and operational connectivity without introducing unacceptable levels of cyber risk.

According to Tim Fussell – Founder and CEO of imei – Australian organisations are facing a rapidly expanding attack surface driven by cloud adoption, IoT, remote workforces and OT convergence.

“The challenge is no longer just perimeter security but achieving visibility, control and resilience across thousands of connected endpoints, many of which were never designed with security in mind,” Fussell explained.

“Compliance obligations such as the SOCI Act further elevate the need to demonstrably manage third party, supply chain and infrastructure risk while maintaining operational continuity.”

The challenge with IoT security is not simply the number of devices entering the enterprise, it’s the lack of visibility and control that often accompanies them.

Many organisations still struggle to answer foundational questions:

  • What is connected to the network?
  • Who owns it?
  • What firmware is running?
  • Is it patched?
  • Does it still use default credentials?
  • Should it even be communicating externally?
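As an added example (not code from the article, imei or Phosphorus), the following Python script turns those foundational questions into checks over a device inventory. The inventory records, the firmware baselines and the field names (owner, firmware, default_credentials, external_egress, last_seen) are constructed assumptions about what a discovery tool would export; the point is that once the data exists, the hygiene questions become a repeatable triage rather than a manual spreadsheet exercise.

```python
"""Hygiene triage over an xIoT asset inventory.

Added illustration, not code from the article or the vendors it names.
Inventory records and baselines below are constructed, and the record
fields are assumptions about what a discovery tool would export.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed: minimum acceptable firmware per device model (assumed baseline).
FIRMWARE_BASELINE = {
    "cam-x100": (2, 4, 0),
    "plc-200": (1, 9, 3),
    "sensor-t1": (3, 0, 0),
}

# Constructed: device roles that legitimately need to reach the internet.
EGRESS_ALLOWED_ROLES = {"cloud-gateway"}

# A record older than this means discovery is point-in-time, not continuous.
STALE_AFTER = timedelta(days=7)


@dataclass
class Device:
    hostname: str
    model: str
    role: str
    owner: Optional[str]
    firmware: str
    default_credentials: bool
    external_egress: bool
    last_seen: datetime


def parse_version(text):
    """'2.4.1' -> (2, 4, 1); an unparseable string sorts below any baseline."""
    try:
        return tuple(int(p) for p in text.split("."))
    except ValueError:
        return (0,)


def assess(device, now):
    """Return the list of hygiene findings for one device, in check order."""
    findings = []
    if not device.owner:                       # Who owns it?
        findings.append("no-owner")
    if device.default_credentials:             # Default credentials?
        findings.append("default-credentials")
    baseline = FIRMWARE_BASELINE.get(device.model)
    if baseline is None:                       # Cannot judge patch level
        findings.append("unknown-model")
    elif parse_version(device.firmware) < baseline:   # Is it patched?
        findings.append("firmware-below-baseline")
    if device.external_egress and device.role not in EGRESS_ALLOWED_ROLES:
        findings.append("unexpected-external-egress")  # Should it talk out?
    if now - device.last_seen > STALE_AFTER:   # Is visibility continuous?
        findings.append("stale-inventory-record")
    return findings


def triage(devices, now=None):
    """Return {hostname: findings} for every device with at least one finding."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for d in devices:
        f = assess(d, now)
        if f:
            report[d.hostname] = f
    return report


NOW = datetime(2026, 1, 15, tzinfo=timezone.utc)

# Constructed sample inventory: a camera on factory defaults talking out,
# an ownerless PLC not seen for a month, a healthy gateway, an unknown model.
SAMPLE = [
    Device("cam-lobby-01", "cam-x100", "cctv", "Facilities", "2.3.7", True, True,
           NOW - timedelta(days=1)),
    Device("plc-line-3", "plc-200", "controller", None, "1.9.3", False, False,
           NOW - timedelta(days=30)),
    Device("gw-cloud-01", "sensor-t1", "cloud-gateway", "IT Ops", "3.1.0", False, True,
           NOW),
    Device("badge-reader-7", "acs-9", "access-control", "Security", "0.9", False, False,
           NOW),
]

if __name__ == "__main__":
    for host, f in triage(SAMPLE, NOW).items():
        print(f"{host}: {', '.join(f)}")
```

The checks are ordered so that the cheapest, highest-signal questions (ownership, default credentials) surface first; an unknown model is reported rather than silently passed, because a device that cannot be matched to a baseline is exactly the blind spot the article describes.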

The reality is many connected environments have grown organically over time with OT, legacy infrastructure and modern cloud-connected devices now coexisting in highly fragmented ecosystems. Traditional IT security models were not designed for this level of distributed connectivity.

Continuous visibility is becoming one of the defining security priorities in Australian enterprise.

“The reality is that most Australian businesses are not yet gaining continuous visibility of all of the digital ‘things’ across the enterprise,” Nehmy continued.

“Visibility has traditionally focused on IT assets, while large parts of the connected estate such as IoT and OT remain poorly understood. In many environments, visibility is still fragmented, with organisations relying on point in time discovery, siloed tools or incomplete manual asset inventories.

Tim Fussell (imei) at Moxie Masterclass – Blind Spots Break Resilience: Securing Connected Businesses

“As organisations become more connected, that visibility gap becomes a security and operational risk. Continuous visibility starts with knowing what is actually there across the enterprise, not just what is managed by traditional IT.”

However, most Australian businesses are still early in the journey of securing IoT attack surfaces. Many have invested heavily in traditional IT security but IoT often sits outside those controls, which creates significant blind spots.

“The first step is visibility,” Nehmy advised. “Organisations need to know what devices are actually connected across the environment, what firmware they are running and the general device configuration.

“Without that, it is very difficult to identify basic hygiene issues such as default credentials, vulnerable firmware or insecure services.

“Due to the insecure state of these devices and the relatively strong security of IT systems, threat actors are now beginning to specifically target IoT devices to gain a foothold into, and persist within, organisations undetected.”

Removing xIoT blind spots

During the next 6-12 months, organisations must prioritise asset visibility, risk classification and lifecycle governance of connected devices.

“This includes identifying unmanaged or insecure IoT assets, enforcing secure onboarding and ensuring continuous vulnerability monitoring,” Fussell outlined.

“From a business perspective, the focus is shifting from experimentation to operational scale, making IoT environments auditable, resilient and aligned to regulatory and cyber insurance expectations.”

The organisations making the most progress are treating IoT security not as a standalone technology issue, but as a business resilience capability. Because in connected enterprises, operational uptime, cyber security and digital transformation are now inseparable.

The catalyst of such a change in market appetite is imei IoT Protect, an xIoT (extended IoT) managed service delivered in partnership with Phosphorus.

“Phosphorus, in partnership with imei, helps customers move from xIoT blind spots to continuous visibility and remediation,” Nehmy added.

“Phosphorus provides the technology foundation through its xIoT security platform and Intelligent Active Discovery, while imei delivers that capability as a managed service tailored for Australian organisations.

“Together, we help customers discover connected assets, identify exposures such as default credentials and vulnerabilities, and continuously reduce risk across their xIoT environment.”

Moxie Masterclass – Blind Spots Break Resilience: Securing Connected Businesses

The offering is designed to enable “safe, accurate and rapid” discovery of all xIoT devices on a network, as well as remediating vulnerabilities and ensuring compliance.

“imei supports organisations by helping them establish control over IoT environments from day one,” Fussell shared. “This includes device discovery, secure connectivity, network segmentation, and continuous monitoring across IT and OT domains.

“imei acts as a trusted advisor, bridging strategy and execution by designing secure architectures, integrating best of breed security platforms, and providing ongoing managed services that reduce risk without slowing innovation.”

As the number of connected IoT devices surges, organisations face growing cyber security threats from the xIoT.

These connected devices – from smart lighting and environmental sensors to security cameras and access systems – often go unmanaged which, in turn, leaves organisations increasingly vulnerable.

“xIoT is helping power Australia’s critical infrastructure and securing this new digital domain is one of the key cyber security challenges we face,” Nehmy added.

In 2026, a trusted security provider must be more than a technology integrator; they must be a risk and outcomes partner.

“CIOs are looking for providers with deep industry understanding, clear accountability, and the ability to translate security investment into operational resilience and compliance confidence,” added Gavin Jones, Executive Director of Strategic Markets and Innovation at imei. “Trust will be built on transparency, proven execution and alignment to the organisation’s long term digital strategy.”

