Chloe ThompsonLieutenant General Susan Coyle, Australia's Chief of Joint Capabilities and the first woman to lead a warfighting domain in the Australian Defence Force, is speaking at the Space Symposium in Colorado Springs this week (13–16 April 2026) — and her message carries direct implications for Australian businesses of every size.
Who Is Susan Coyle and Why It Matters Right Now
LTGEN Coyle was appointed Chief of Joint Capabilities Group in July 2024, giving her command over Australia's space, cyber, and national defence support capabilities. She is the highest-ranking military officer responsible for protecting Australia's digital and orbital infrastructure — and she has been remarkably direct about the current threat environment.
At a defence conference in March 2026, Coyle stated that "space security is no longer a future consideration; it is present and an urgent requirement." Her appearance at this week's Space Symposium places her alongside senior military and intelligence leaders from the US, UK, and other Five Eyes partners to discuss exactly what those threats look like — and what should be done about them.
For Australian businesses, the significance is not theoretical. Australia's ADF cyber capability exists to defend national infrastructure, but as Coyle's own briefings have made clear, the boundary between military and civilian cyber targets is increasingly blurred. Ransomware groups, state-sponsored actors, and opportunistic attackers frequently target the supply chains and business networks that underpin critical services.
What the Defence Force Has Been Warning Businesses
The Australian Signals Directorate (ASD), which operates under Coyle's broader joint capabilities umbrella, publishes the Australian Cyber Security Centre's Annual Cyber Threat Report, which consistently identifies small and medium enterprises as among the most targeted and least-protected cohort of Australian organisations.
The 2024–25 Annual Cyber Threat Report found that over 84,700 cybercrime reports were made to the ACSC in a single year — the average self-reported cost per cybercrime incident for businesses rose 50% to $80,850. ASD's ACSC responded to more than 1,200 cyber security incidents, an 11% rise on the previous period. Ransomware caused significant operational disruption across healthcare, logistics, and financial services.
These are not statistics from distant economies. They reflect the everyday threat environment facing Australian businesses right now, in April 2026.
The Four Most Critical Actions for Australian Businesses
Coyle's public statements and the ASD's own guidance converge on a consistent set of recommendations. For businesses that have not yet taken these steps, the window for acting before the next major incident is getting shorter:
1. Implement Multi-Factor Authentication (MFA) The single most effective barrier against credential-based attacks is also one of the simplest to deploy. The ASD reports that MFA can prevent up to 99% of automated account compromise attempts. Despite this, many Australian SMEs still rely on password-only access for their business systems.
2. Patch and Update Systematically Attackers routinely exploit known vulnerabilities — flaws that vendors have already released fixes for. A structured patch management process, even a simple monthly review, dramatically reduces your attack surface. Unpatched systems running outdated software are among the most common entry points in reported incidents.
3. Back Up Data — and Test the Backups Ransomware is only effective if it can destroy your only copy of your data. Businesses with tested, offline backups can typically restore operations within hours rather than weeks. The word "tested" is critical here — many organisations discover their backup strategy was flawed only when they actually need it.
4. Know Who to Call In the event of a cyber incident, speed matters enormously. Australian businesses can report incidents to the ACSC at 1300 CYBER1 (1300 292 371). Having this number saved — and knowing your incident response steps in advance — can significantly reduce the financial and reputational damage of an attack.
Space and Cyber: Why They're Now the Same Problem
One of the key themes at this week's Space Symposium is the interdependence of space systems and terrestrial cyber infrastructure. Australia's GPS navigation, satellite communications, and earth observation capabilities — all of which underpin commercial logistics, agriculture, mining, and finance — depend on both orbital assets and the ground-based networks that control them.
As Coyle noted when hosting the inaugural Space Chief's Conclave in Australia, "almost every aspect of modern society — civil, commercial and military — now relies on space systems." A successful cyberattack on ground station infrastructure could disrupt services Australians rely on daily, from ATM networks to freight tracking.
For businesses, this convergence means that cyber risk is no longer just an IT department problem — it's a board-level strategic risk.
Do You Need an IT Security Specialist?
Many small and medium businesses assume that enterprise-grade cybersecurity is beyond their budget. The reality is that the most impactful protections — MFA, patching, backups, and staff training — can be implemented with relatively modest investment.
An experienced IT security specialist can assess your current exposure, identify your most critical vulnerabilities, and build a practical roadmap that aligns with your budget and risk profile. For businesses handling client data, financial records, or critical operational systems, this is not a luxury — it is a minimum standard of care. You can connect with top cybersecurity experts in Australia to get a professional assessment tailored to your organisation.
As Australia's cyber chief takes the global stage this week to discuss the threats our nation faces, the question for every business owner is the same: are we protecting ourselves as well as we should be?
This article is for general informational purposes only. For advice specific to your organisation's cybersecurity posture, consult a qualified IT security professional.
