Why AI, sovereignty and visibility are redefining cyber strategy: Infotrust

In the latest Cyber Strategy Brief for iTnews, Infotrust executives Julian Challingsworth, Simon McKay and Dan Suto unpack the emerging pressures on security teams, from the growing importance of data sovereignty to the operational realities of defending modern IT environments.

The conversation explores how organisations can strengthen cyber resilience while still enabling innovation, as AI adoption spreads rapidly across businesses and attack windows continue to shrink.

Sovereignty becomes a strategic issue

For Challingsworth, Infotrust CEO, one of the most significant shifts underway is the growing focus on data sovereignty and control.

He argues the question of where data resides – and who can legally access it – is becoming a strategic concern for organisations navigating geopolitical uncertainty, regulatory requirements and customer expectations.

“I think people are really concerned; where is my data?” Challingsworth told iTnews. “It’s my customer’s data. It’s the lifeblood of my business.”

Rather than simply treating cloud decisions as a cost or scalability exercise, organisations are increasingly being forced to consider how data governance, procurement policies and security controls align with national jurisdiction and contractual obligations.

Challingsworth also highlights the growing challenge of “shadow AI”, where employees experiment with AI-powered tools outside formal governance frameworks.

“Boards often think they’ve got their AI programs under control,” he says. “But they don't realise how much shadow IT and experimentation is happening across different business units.” 

AI governance becomes critical

As organisations race to adopt artificial intelligence, McKay, Infotrust’s CEO of Cyber, says many are facing a familiar pattern.

Much like the early days of cloud adoption, businesses are embracing the benefits of AI before fully establishing the governance structures needed to manage the risks.

“I think the horse has bolted in terms of AI; we’re already using it,” McKay says.

That means organisations must now focus on implementing the right guardrails while ensuring teams can still take advantage of AI’s benefits.

“We’re seeing customers ask: how do we make sure these tools are secure, and that there’s good governance in place?” he says.

At the same time, the threat environment is intensifying. The window between vulnerability discovery and exploitation is shrinking rapidly, while AI is also improving the scale and sophistication of attacks.

“We used to see vulnerabilities sit in the wild for months before they were exploited,” McKay says. “Now that window can be days or even hours.”

Optimising what organisations already have

Meanwhile, Suto, Executive General Manager of Managed Technology at InfoTrust, says many organisations are overlooking an important opportunity: they may already have much of the cyber capability they need.

According to Suto, the biggest challenge is often visibility.

“You can’t protect what you can’t see,” he says.

Many organisations have invested in multiple security tools, but are not fully utilising them due to internal pressures, lack of training or fragmented operating models.

Suto argues effective cyber strategy increasingly requires breaking down the traditional divide between infrastructure and security teams.

“Infrastructure and cyber can no longer operate in silos,” he says. “It has to be ingrained in everything we do.”

For fast-growing organisations in particular, the biggest mistake is often adopting technology faster than governance can keep pace.

“You need to find the balance,” Suto says. “Adopting technology faster than governance can keep pace creates risk later.”

For more insights, watch the full Cyber Strategy Brief conversation in the video above.

Visit infotrust at www.infotrust.com.au