Powered by MOMENTUMMEDIA
For breaking news and daily updates, subscribe to our newsletter

The operational challenge: What the Mackay Sugar cyber attack reveals about Australia’s cyber readiness

Operational technology is vital to the bottom line of many Aussie companies – but it’s often forgotten when it comes to cyber security, one expert has warned.

Mon, 06 Jul 2026
The operational challenge: What the Mackay Sugar cyber attack reveals about Australia’s cyber readiness

In early June, a nightmare scenario occurred at a vital sugar mill in North Queensland: a ransomware attack not only breached Mackay Sugar’s network but also disrupted operations at two of the company’s sugar mills.

Within days, Mackay Sugar was able to get operations back online, but the outcome could have been far more catastrophic.

A similar attack on carmaker Jaguar Land Rover last year saw the UK government forced to provide an emergency bailout to the tune of £1.5 billion. The attack was so damaging to car production that the country’s gross domestic product (GDP) was impacted. In many ways, Mackay Sugar got off lightly, yet the incident is illustrative of the cyber readiness of Australia’s critical infrastructure operators.

 
 

“Many organisations have made significant investments in protecting corporate networks, but industrial environments often contain legacy systems, specialised equipment and complex operational processes that were not originally designed with modern cyber threats in mind,” Jason Pearce, field CTO at Claroty, told Cyber Daily.

“The Mackay Sugar incident also highlights a challenge we see across many industrial sectors: the operational technology assets that generate the vast majority of a company’s revenue often receive only a small fraction of the overall cyber security budget. Production lines, processing facilities, and industrial control systems are the assets that keep the business running, yet security investments have historically been concentrated on traditional IT environments.”

According to Pearce, for vital sectors such as food production, the question of risk has changed. It’s no longer a matter of whether they *might* get targeted, but rather whether or not they have enough visibility into their operational environment.

If they don’t have adequate visibility, then detection, containment, and subsequently recovery become problematic.

“This incident reinforces the need for organisations to align cyber security investment with operational risk. The systems responsible for generating revenue and delivering essential services need the same level of visibility, protection, and resilience as corporate IT networks,” Pearce said.

“Australia has made substantial progress in cyber security awareness, but incidents such as this demonstrate that there remains significant work to do in protecting the industrial systems that underpin essential services, food production and economic activity.”

However, the Mackay Sugar incident also reveals the challenge faced by regional industries, compared to those in or closer to metropolitan areas.

“Cyber attacks can have a disproportionate impact on regional and rural Australia as these communities often depend on a smaller number of critical services,” Pearce said.

“When a major employer or essential service experiences a cyber incident, the consequences extend well beyond the organisation itself. Supply chains can be disrupted, local businesses affected, and communities may experience flow-on impacts ranging from reduced services to economic uncertainty.”

For instance, Mackay Sugar is Australia’s second-largest manufacturer of sugar, and subsequently one of the largest employers in the region. In addition, it operates a cogeneration plant that powers approximately a third of the Mackay region’s annual power requirements.

There are other, just as unique, challenges faced by regional operators.

“Critical infrastructure is often geographically dispersed, relies on operational technology systems that have evolved over decades, and may be supported by smaller local teams than those found in major metropolitan centres. This can make both incident response and recovery more complex,” Pearce said.

“The lesson is that cyber resilience is no longer just an IT issue. For regional organisations, particularly those operating critical infrastructure, resilience planning must extend across operational technology environments, business continuity processes and third-party supply chains to minimise the impact when incidents occur.”

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.
Tags:

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.