Two conversations are running simultaneously in Australian professional services firms. One is about how to do more with the same team and technology; the other is about staying secure in the process.
There is genuine momentum on the productivity front. AI tool adoption among Australian businesses is accelerating, cloud phone systems are unlocking business intelligence that used to require a dedicated analyst, and practical time savings of several hours a week are within reach for most firms.
The challenge is that the same technology shift creating efficiency gains is also expanding the attack surface. This month's brief covers both sides of that equation and points to practical steps your firm can take right now.
Productivity, phone intelligence, and how to actually save time with AI
The AI Productivity Paradox: More Tools, More Chaos
More AI tools without redesigning how your team works together will make things worse before they get better.
Atlassian's 2026 State of Teams report, published in April, found that 87% of knowledge workers feel they cannot keep up with coordination demands as AI accelerates individual work faster than team coordination. Businesses are adding tools faster than they are redesigning how their teams actually work together.
The result is what researchers call a fragmentation tax: individual workers moving faster, but teams feeling more overwhelmed than before. The businesses seeing genuine productivity gains are those that have redesigned their workflows around AI rather than simply stacking new tools on top of existing ones.
For smaller firms, this is actually an advantage. Redesigning how a team of ten coordinates is considerably faster than doing the same for an organisation of thousands, and the benefits land more quickly too.
What to do next
Audit which AI tools your team is currently using and identify any overlap or duplication.
Pick one workflow to redesign around AI rather than layering a new tool onto an existing process.
Nominate one person to own your firm's AI adoption so decisions are coordinated rather than individual.
Your Phone System Is Sitting on Untapped Business Intelligence
Most businesses are sitting on phone data they have never looked at — call volumes, wait times, missed calls, team performance. It is all there.
A modern cloud-based phone system does considerably more than route calls. Call analytics, transcription, response time data, and volume patterns give businesses a clear picture of how clients are engaging and where teams are spending time on the phone.
McKinsey research has found that companies using advanced contact centre analytics have reduced average handle time by up to 40% and resolved client issues faster. For any business where every minute of staff time has a real cost, that kind of visibility changes how you manage your team and your client experience.
The shift from a traditional phone line to a cloud-based VoIP system is not just a cost decision. It is a decision about whether your phone system works as a passive call handler or as an active source of business intelligence.
What to do next
Ask your current provider whether your phone system captures call analytics and transcription data.
Review your missed call rate as a first measure of client experience.
Check whether your phone system connects with your CRM or practice management software.
The firms seeing the clearest gains are not the ones with the most tools. They are the ones using automation for specific, high-value tasks: document drafting, meeting summaries, scheduling, and client communication templates. Broad deployment without a clear purpose tends to add noise rather than remove it.
The good news for smaller businesses is that these tools are broadly accessible and affordable. A well-selected AI workflow can add meaningful capacity to a team of five or ten without the cost of a new hire.
What to do next
Identify the three most time-consuming administrative tasks in your firm this week.
Trial Microsoft 365 Copilot for meeting summaries and document drafting before committing to broader deployment.
Set a realistic target: one hour saved per team member per day is achievable with a well-implemented AI workflow.
Dark web credentials, ransomware patterns, and an active ACSC alert
Your Staff's Login Credentials Are Probably Already on the Dark Web
Your firm does not need to be hacked directly. A breach at a completely unrelated company may have already exposed your team's logins.
A dark web monitoring case example published in April 2026 highlighted a common risk for Australian professional services firms: staff credentials exposed through third-party breaches and later tested against business systems. In the example documented, an initial dark web scan of a financial services firm's email domain found 14 staff addresses listed across multiple breach databases, three with passwords still in active use.
The threat here does not require your firm to be hacked directly. Your staff member used their work email address to register for an unrelated service, that service was breached, and their credentials now sit on a dark web marketplace waiting to be tested against your Microsoft 365 environment, your cloud accounting platform, or your client management system. Compromised credentials are one of the most common initial access methods in Australian data encryption incidents, according to the ASD Annual Cyber Threat Report 2024-25.
In 2025, NSW-based financial services firm Skeggs Goldstien was confirmed as a Qilin ransomware victim, and Melbourne-based 3P Corporation was reported as a Space Bears ransomware target, with the company disputing the claim. Compromised credentials remain one of the most common starting points for attacks of this kind.
What to do next
Ask your IT provider whether dark web monitoring is in place for your business email domain.
Require staff to use unique passwords for every business platform, supported by a password manager.
Enable multi-factor authentication (MFA) on all business systems, particularly email, financial software, and any client data platform.
Akira and Qilin: Ransomware Groups Targeting Australian Businesses
Data publication now matters as much as encryption. Restoring your systems does not undo the reputational damage of leaked client files.
The Akira ransomware group has claimed an attack on Australian steel subcontractor Watkins Steel, stating 17 gigabytes of data were stolen. Separately, Victorian accounting firm MKA Accountants was listed as a Qilin ransomware victim with internal documents posted to the dark web.
Both incidents follow a pattern that is increasingly common: attackers who publish stolen data rather than simply encrypting it, making reputational damage harder to contain even after systems are restored. Any business holding sensitive client information faces the same exposure, regardless of size or industry.
The ACSC Ransomware Playbook strongly recommends not paying a ransom, noting there is no guarantee payment will restore access or prevent data being sold or leaked online.
What to do next
Confirm your data backup process is working and that backups are stored separately from your main network.
Update your incident response plan to specifically address data publication scenarios, not just encryption and recovery.
Restrict staff access to sensitive client files to those who need it for their current role.
Credential Theft: How ASD Is Detecting Attacks Before Businesses Do
In four out of ten ransomware cases last year, it was the government that told the business it had been attacked — not the other way around.
39% of ransomware victims were warned by ASD, not their own systems
$56,600 average cybercrime cost per small business (FY2024-25)
$97,200 average cybercrime cost per medium business (FY2024-25)
In four out of ten ransomware incidents, it was the government that notified the business — not the other way around.
ASD Annual Cyber Threat Report 2024-25
The ASD Annual Cyber Threat Report 2024-25 found that in 39% of ransomware incidents ASD responded to in FY2024-25, ASD contacted the affected organisation to warn them of a possible incident, rather than the organisation detecting and reporting it first. Information stealer malware sits quietly on devices, harvesting login credentials that are then sold on the dark web and used weeks or months later to launch a full attack.
That statistic is worth sitting with. When the government is notifying businesses of their own ransomware incidents in four out of ten cases, it raises a direct question: would you know if someone was in your network right now?
What to do next
Ask your IT provider whether your systems have endpoint detection and response (EDR) monitoring in place.
Enable dark web monitoring so you are alerted if staff credentials appear in a breach database.
Confirm your antivirus is a modern endpoint protection platform, not an older signature-based product.
Any business that manages its own web hosting, or uses a provider that runs cPanel or WHM, should confirm the relevant patch has been applied. The ACSC advisory specifically identifies small and medium businesses as the audience focus.
What to do next
Ask your IT provider or web hosting company whether your hosting environment uses cPanel or WHM.
Confirm your provider is aware of the advisory and has applied the relevant patch.
Review the full ACSC advisory for technical details and mitigation steps.
Subscribe to ACSC alerts at cyber.gov.au to receive future advisories as they are published.
Things to Keep on the Radar
Cyber insurance conditions and the AML/CTF deadline now eight weeks away
Cyber Insurance Is Tightening: Check Your Policy Before You Renew
Insurers are now checking whether your declared controls were actually in place at the time of a claim — not just whether you ticked the boxes when you signed up.
Insurers are updating cyber policy conditions to require demonstrable security controls as a condition of coverage. Evidence of multi-factor authentication, tested and verified backups, and documented staff training are increasingly listed as prerequisites rather than optional additions.
Coverage can be limited, challenged or made more difficult where a business cannot show that the controls declared during underwriting were actually in place at the time of an incident. According to analysis by Lander & Rogers, insurers are increasingly requiring evidence of MFA, tested backups, staff training, and incident response capability as underwriting conditions rather than general expectations.
What this means for your business
Before your next renewal, review your policy for references to minimum security requirements and confirm your current controls actually meet them. A policy that looks comprehensive on paper may leave you exposed if MFA is not enabled across all platforms or your backups have not been tested recently. Speaking with your broker before renewal, not after an incident, is the most practical step you can take.
AML/CTF Tranche 2: Eight Weeks to the Deadline for Professional Services Firms
Eight weeks to go. If you provide services involving company formation, client funds, or registered addresses, you are almost certainly in scope.
From 1 July 2026, accounting firms, law firms, conveyancers, and real estate agents will come under Australia's Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) regime for the first time. According to AUSTRAC, the number of regulated entities will grow from around 19,000 to close to 100,000, representing the largest expansion of Australia's AML/CTF framework since 2006.
31 March 2026: Enrolment opens for newly regulated businesses
May 2026 (now): Eight weeks remaining to prepare
1 July 2026: AML/CTF obligations commence for newly regulated businesses
29 July 2026: Final enrolment deadline for businesses already operating
The core obligations are a written AML/CTF program, a nominated compliance officer, customer due diligence procedures, staff training, and enrolment with AUSTRAC. Enrolment opened on 31 March 2026, and businesses already providing designated services on 1 July must complete enrolment by 29 July.
What this means for your business
Firms still assessing whether they are in scope should treat this as urgent. The services most commonly caught include company and trust formation, managing client funds, and providing a registered business address. AUSTRAC has published a starter kit specifically for small accounting practices at austrac.gov.au/amlctf-reform, and firms that start their preparation now will be operational and compliant on day one.
Did You Know?
Jam Cyber Manages Cloud Phone Systems for Australian Businesses
Most Australian businesses are still running phone systems that were built for a different era. They know when a call came in and who answered it, and that is roughly where the visibility ends.
Jam Cyber sets up and manages modern cloud-based VoIP phone systems for Australian businesses — taking care of configuration, ongoing management, and support so you can focus on using the system rather than maintaining it.
Call Analytics
See call volumes, response times, and peak enquiry periods across your whole team.
Transcription
Every call automatically transcribed so nothing important gets lost after the conversation ends.
Mobile Integration
Your team takes business calls from anywhere, on any device, using your office number.
Cost Savings
Most businesses reduce both line rental and call costs significantly after switching from traditional lines.
For a professional services business, a well-managed cloud phone system answers questions you probably cannot answer today. Which day of the week generates the most inbound enquiries? How long are callers waiting before hanging up? Which team members are handling the highest volume of client-facing calls? These are operational questions, and a modern phone system managed by Jam Cyber can answer all of them.
The practical difference between a system Jam Cyber manages and one you are running yourself is significant. A managed setup means the system is kept current, issues are resolved proactively, and your team gets actual support when something is not working.
Ready to take the next step?
Let's Talk About Where Your Business Stands
No jargon, no hard sell. Just a clear, honest picture of your cyber security and IT — and what to do about it.
More than 20 years protecting Australian businesses
Not a single fully protected client has been breached since 2017
Jam Cyber Brief
May 2026 Edition
IT & Cyber Trends We Are Seeing Right Now
Getting Real Hours Back: Practical Tools Businesses Are Using Right Now
One survey of Australian business owners and decision-makers found that 80% were using AI tools, with users reporting average time savings of 6.5 hours per week, although official adoption tracking suggests usage varies significantly by business size. According to Microsoft-commissioned research on Copilot adoption in Australia, users save an estimated nine hours per month on routine tasks such as drafting emails, summarising meetings, and generating reports.
Current Cyber Threats for Australian SMEs
ACSC Critical Alert: Web Hosting Vulnerability Under Active Exploitation
The ACSC has issued an advisory on a critical vulnerability affecting cPanel and WebHost Manager (WHM), tools widely used for website and server administration. The vulnerability, tracked as CVE-2026-41940, is being actively exploited in Australia and has been rated critical.
Final Thoughts
The thread running through this month's brief is one that every business owner will recognise: the tools available to run your firm more efficiently are genuinely impressive, and so are the tools available to people trying to compromise it.
The businesses navigating this well are not chasing every new technology or reacting to every new threat. They are the ones that have made deliberate decisions about how their teams work, what their systems should tell them, and how they protect the data their clients have entrusted to them.