Cutting through with KSIB - newsletter 5

Strip of a painting of Ironbark trees

December 17 2025

Welcome to the fifth issue of Cutting through with KSIB, a short monthly newsletter summarising key insights from myself and the team.

This month I have profiled Steve Brown, who has joined us as a Managing Director focused on technology strategy (including AI) and cyber security. Steve is one of Australia’s most experienced technologists with a career of over 30 years at Macquarie Group and then in his own consulting firm. It is an absolute pleasure to welcome Steve to the team given his experience, but also his constant curiosity, learning agility and humility.

As I mentioned in Newsletter and Podcast #4, the start-up ecosystem is really accelerating with AI technology enablement. KSIB is partnering with a number of really innovative new start up and scale up firms to deliver outstanding outcomes for clients. In this edition of Cutting through with KSIB we profile NetNada, an AI platform for business sustainability reporting.

If you enjoy our insights, please forward our newsletter or a link to our podcasts and ask them to subscribe. Please feel free to email me at kristin@ksib.com.au, DM on LinkedIn @KristinStubbinsAM or phone/text me on +61 401 999 879 with ideas and comments.

Finally, I hope everyone has a safe and enjoyable Christmas. If you would prefer to listen to this newsletter as a podcast, please refer to this link.

Kristin

Kristin Stubbins

Our topics this month

  1. Introducing Steve Brown, expert technologist and cyber security guru. Steve shares some Christmas messages about being cyber aware.

  2. Cutting through the complexity of sustainability reporting.

① Steve Brown’s Christmas messages about being cyber aware

KSIB is pleased to welcome Steve as a Managing Director in our core team. After a stellar career in technology and cyber security for over 30 years, including at Macquarie Group, Steve will lead our focus on technology strategy, resilience and cyber security. After starting his technology career at age 10 by printing out the source code for a game from a mainframe at Macquarie Uni (he tells us it was legal at the time), Steve has spent the last 30 years navigating the complexity of the technology and cyber worlds.

Beyond the recent local cyber incidents that we are all aware of, some of the most significant global events are as follows:

  • NotPetya 2017 – this cyber-attack cost Maersk and other organisations significantly. This attack targeted infrastructure and had impacts on both business operations and earnings.
  • WannaCry 2017 - this ransomware attack targeted companies running the Microsoft Windows operating system and stopped the NHS from performing surgeries for a time.
  • Colonial pipeline 2021 – this attack physically took out gas supply lines

It is difficult for companies to always keep the cyber risk front of mind if the Board and management have not personally experienced a major issue. Nevertheless, it is important that this is a crucial and meaningful part of risk management strategies. This is even more of an imperative as AI enabled technology implementations accelerate across the market.

Companies need to consider the existing cyber risks and controls that should be present in any technology control environment, but there are now unique risks that did not exist prior to AI becoming commonly available and used, including by threat actors. For example, with companies exposing chatbots through their applications, this becomes a new vector for cyber-attacks. Chatbots can also be influenced or socially engineered in the same way a human can, because they have been trained to respond in the same way a human can.

Quote from Steve:

“If you tell your LLM: absolutely do not do XYZ – with enough time and effort, an attacker can convince the LLM to do exactly what you told it (ie programmed) not to do. So, if you have an LLM embedded in your main system, you might find an attacker working out a way to get the LLM to access your back-end system and to share confidential information. There are some good mitigations, practices and approaches to prevent that happening.”

The holiday periods are the most active period for cyber attackers. Here are some key things to consider as you get ready to go on the break:

  • Who is going to be around over the break, and do they have the right skills and experience to deal with a cyber incident?
  • Do you have out of hours contact details to hand to get people into the office quickly if needed?
  • Have you really tested your recovery procedures to make sure you know how to recover from an incident if it occurs?

From an individual’s perspective – be vigilant regarding scams as they are particularly prolific at this time of year.

For more details on how to be cyber secure over the holidays, Steve has written a more detailed article.

② Cutting through the complexity of sustainability reporting with our partner, NetNada

KSIB has partnered with NetNada, an innovative Australian scale up company that focuses on cutting through the complexity of sustainability reporting. The founders, Lochie and Afonso, met as academics at the University of NSW and combine experience with unmanned systems and drones along with environmental engineering. They formed NetNada to help companies with the burden of sustainability reporting. The platform is an operating system where all of a company’s sustainability information, data, policies, procedures and compliance can live. Foundational data is extracted from a myriad of systems and automation and AI streamlines workflows, reads invoices and data and produces models in the back end. This enables not only historical analysis but also projected emissions over time.

The system is designed to increase the efficiency and accuracy of the climate and sustainability reporting process for all reporters. Using a systematic approach to set up sustainability reporting properly in year 1, will save costs in year 2 and beyond. The impact of the NetNada platform goes well beyond compliance, however, with many use cases emerging where companies need to report sustainability impacts as part of the tendering process. NetNada can drive real impact – not just reporting compliance – as you measure the execution of your strategy with sustainability metrics embedded.

KSIB’s experience with helping companies navigate complex reporting and analysis aligns naturally with NetNada’s platform. More information on the platform itself is available at www.netnada.com.