Observability is becoming Australia’s next work health and safety duty, with cyber resilience at its core.
For decades, the duty of care for safety has been anchored in physical health, accident prevention, and operational risk management. However, as the digital landscape evolves, a new dimension of accountability is forming. Cyber resiliency is rapidly becoming a work health and safety (WHS) model that regulators, boards, and safety professionals can no longer afford to overlook.
The direction is clear. Failure to monitor and remediate digital hazards is now drifting into the same liability space as physical safety. Regulatory signals are mounting. In 2022, the Australian Securities and Investments Commission (ASIC) versus RI Advice marked the first judgement to hold a licensee in breach for failing to maintain adequate cyber risk controls. In November 2023, ASIC chair Joe Longo warned directors that the regulator would look at whether reasonable care and diligence on cyber resilience had been taken and would act where it had not. At the same time, the government’s 2023–2030 Cyber Security Strategy signals tougher governance rules. This includes the introduction of a Cyber Incident Review Board, while the Australian Institute of Health and Safety called for cyber risks to be integrated into the existing WHS regime.
The shift is undeniable: digital hazards are no longer confined to the IT department. They are becoming a core component of workplace safety and organisational duty of care. As Australian organisations increasingly rely on digital infrastructure, anticipating, detecting, and responding to cyber incidents is now fundamental to protecting data, people, operations, and business continuity.
This is where observability is stepping into the spotlight as an IT best practice and a potential future WHS obligation.
Observability as the digital hazard monitor
Observability plays the same role in cyber safety as air quality sensors and guardrail inspections play in physical safety: it provides a continuous, real-time feedback loop that shows – and can even predict – when risk is increasing and whether protective controls are working as intended.
While more organisations are recognising the importance of resilience in their IT systems, the threat landscape is evolving too quickly for traditional, reactive approaches to be effective. It is no longer enough to rely on isolated technologies or static best practices. To keep pace with today’s cyber threats, organisations must adopt a proactive, integrated approach with observability at the core, forming the foundation of a resilient, layered defence.
Why observability matters now
Today’s IT environments are more complex than ever. Many Australian organisations are navigating cloud repatriation, adopting hybrid and multi-cloud architectures, and expanding their use of generative AI, all of which increase system scale, complexity, and potential attack surfaces. These hazards can now disrupt not just critical services but also safety systems and essential operations.
Meanwhile, the adoption of AI is adding more automated workflows to the IT environment. More automation is positive for innovation and efficiency, but it also introduces new risks. The threat landscape is becoming more accessible. Democratised AI tools are lowering barriers for cyber criminals, making phishing, social engineering, and other attacks much easier to execute. The SolarWinds public sector survey found that 58 per cent of organisations are concerned about cyber security mistakes from untrained insiders – a significant risk, as human factors remain a leading cause of cyber incidents.
Every entry point is a potential hazard if not properly monitored. In the same way that unguarded machinery or faulty safety equipment can create unacceptable workplace risks, unobserved digital infrastructure can open the door to cyber incidents that may have operational, safety, and legal consequences.
Organisations need an observability strategy to provide complete, real-time visibility across these growing, shifting environments to detect threats quickly, mitigate breaches effectively, and importantly, protect workforces from the cascading impacts of digital failures.
How to approach observability for cyber resilience
To build true resilience and meet rising expectations of work health and safety, observability must evolve beyond a collection of monitoring tools. It should be a unified, strategic function that integrates across the entire IT environment, including cloud, on-prem, and hybrid.
Employers have a duty to provide safe machinery, protective equipment, and hazard monitoring in the physical workplace, but they now face a growing responsibility to provide well-governed digital environments. Relying on fragmented monitoring tools creates gaps that delay responses, increase the risk of uncoordinated recovery, and expose organisations to potential threats – all of which could soon carry WHS implications.
The most effective observability strategies are holistic, proactive, and tightly integrated. By employing a single platform with intelligent alerting, root-cause analysis, and built-in remediation, IT teams can reduce mean time to remediation (MTTR) and respond with greater accuracy and clarity, while limiting business disruption that could affect staff, customers, and public safety.
Robust observability should also incorporate security best practices, such as multifactor authentication, encryption, and employee training, to avoid phishing risks. Cyber resilience isn’t just about prevention – it’s about how quickly and effectively an organisation can contain, investigate, and recover from an incident.
A key pillar of modern workplace safety
Cyber incidents now have the potential to impact more than data. They can disrupt safety systems and essential services, and place physical wellbeing at risk. As the legal and regulatory focus on cyber risks intensifies, organisations that proactively invest in observability will be better positioned to fulfil their duty of care.
As WHS frameworks expand, observability is becoming a critical measure and an essential part of protecting operations and building truly resilient workplaces.