Australian government and businesses organisations need to move beyond a mindset that achieving compliance with security standards will save them from attacks, and instead focus