Five leading cybersecurity experts warn AI is being integrated faster than security policies can manage the risk, creating urgent privacy gaps for SMEs ahead of Data Protection Day on 28 January.
What’s happening: Data Protection Day on 28 January marks the signing of Convention 108, the first legally binding privacy treaty. Leading cybersecurity and privacy experts warn Australian businesses that AI adoption is accelerating faster than security frameworks, while consumer trust in data handling has plummeted to just 14%.
Why this matters: Small businesses are particularly vulnerable to data breaches and privacy failures, which carry devastating financial, legal and reputational consequences. With consumers increasingly judging brands on privacy practices, SMEs that demonstrate robust data protection gain a significant competitive advantage in 2026.
Leading cybersecurity and privacy experts are warning Australian businesses that AI tools are being integrated into operations faster than security frameworks can protect customer data, creating urgent risks that demand immediate board-level attention on Data Protection Day.
As the industry marks 28 January, the anniversary of Convention 108, the first legally binding privacy treaty, five experts have highlighted how small and medium enterprises face particular vulnerability because they often lack enterprise-level security resources while managing sensitive customer information.
AI outpacing security
Pieter Danhieux, Co-Founder and CEO of Secure Code Warrior, says AI tooling is being integrated into enterprise development workflows quicker than security programmes and policies can mitigate the risk it poses.
“Now, more than ever, enterprise security leaders must build their security arsenal with planned, strategic observability of AI coding tools and agents, especially when it comes to the commits they’re making to sensitive codebases,” Danhieux said.
He emphasises that AI-powered coding assistants require robust security guardrails to ensure safe handling of any code that could expose private data, noting that these tools are best reserved for the most skilled, security-savvy developers in enterprise environments.
Vab Mittal, Country Head for ANZ at Adactin, says taking control of privacy has become a board-level imperative for organisations managing sensitive customer data. “In a widely reported Australian breach, unauthorised access to personal records exposed identity data at scale, leading to regulatory investigations, class actions, significant remediation costs, and long-term erosion of public trust,” Mittal said.
“The incident demonstrated that privacy is not just about preventing breaches, but about maintaining control across systems, data flows, and decision-making processes.”
Manual processes create gaps
Gareth Cox, Vice President APJ at Exabeam, warns that attempting to meet strengthened privacy reforms with manual processes puts organisations at risk. “If there is still a reliance on spreadsheets, shared documents, and ad hoc reporting to demonstrate compliance, this increases the chance of errors,” Cox said. He identifies automation as the critical first step, noting that routine tasks like data mapping, log correlation and compliance reporting can be handled far more accurately and quickly with automated systems, reducing the likelihood of human error.
“AI and machine-learned behavioural analytics add another layer of value. By continuously learning what is normal within an organisation, these systems can surface unusual activity in real time and highlight risks that may require attention,” Cox said.
He stresses that integration across tools is equally important, as privacy obligations touch nearly every part of the technology stack, while fragmented solutions create gaps that make it harder to prove compliance or detect risks.
Trust drives competitive edge
Consumer trust in how organisations handle personal data has deteriorated sharply, creating both risk and opportunity for businesses that prioritise privacy.
Patrick Harding, Chief Product Architect at Ping Identity, says data privacy has become a defining factor in how consumers judge brands. “Three-quarters are now more worried about the safety of their personal data than they were five years ago, and a mere 14% trust major organisations to handle identity data responsibly,” Harding said.
He notes that as AI agents increasingly act on behalf of humans, only the continuously verified should be trusted as authentic. “The businesses that adopt a ‘verify everything’ approach that puts privacy at the centre and builds confidence across every identity, every interaction, and every decision, will have the competitive edge,” Harding said.
Mittal emphasises that as AI is increasingly used for service delivery, fraud detection and decision support, the need for control has intensified. “AI amplifies both value and risk when data governance, access controls and testing are not embedded upfront,” Mittal said.
“Organisations today need to take control of their privacy by designing AI and data platforms with security, governance and continuous validation at their core.”
Ownership matters
Darius Vitlin, Senior Consultant at Customer Science, says effective privacy management requires clear business ownership of personal information.
“Fundamentally, we need to know exactly what personal information is held, where it resides, and the specific risks involved in its retention in order to make decisions around privacy with confidence,” Vitlin said.
He stresses this extends beyond regulatory compliance to protecting customers, staff and the long-term viability of the business itself. “Those who work with the data know the data and the risks it carries best. These owners need to be supported and empowered in their role,” Vitlin said. “When ownership is clear and data managers are empowered, privacy becomes a proactive, integrated part of the organisational culture.”
Cox recommends businesses serious about data privacy in 2026 consider investment in modern platforms with open integrations that bring data together into a single view, giving teams the visibility they need to streamline compliance, detect threats earlier and accelerate incident response. Mittal concludes that leaders who take control of privacy will be best positioned to scale AI safely and sustain trust throughout 2026.
