Original Australian cybersecurity research.
Cyber Node publishes original research drawn from its engagement data and external exposure scanning. Two datasets are currently available: the Cyber Exposure Snapshot, refreshed quarterly, and the three-year manual penetration testing dataset. Both are cited by specific numbers and dates, never rounded claims.
Active research streams
Quarterly · Q2 2026
In April 2026, Cyber Node scanned 351 Australian SMB domains non-intrusively. 78% were rated HIGH or CRITICAL. 99% had at least one high-severity exposure. 1,787 actionable findings were logged across six recurring exposure themes including email authentication gaps, breach-corpus credentials, exposed admin portals, and forgotten subdomains.
Read the CES research →Rolling dataset · May 2024 — December 2025
Across 54 manual engagements in five sectors, 100% produced findings and 39% carried Critical or High-risk exposure. 477 distinct vulnerabilities logged at 8.8 average per engagement. Six recurring vulnerability classes: authentication gaps, broken access control, legacy crypto, outdated software, exposed admin surfaces, and input handling flaws.
Read the dataset →Why Cyber Node publishes data
Most Australian cybersecurity "research" is vendor content with global data points rebadged for local use. Cyber Node publishes numbers from its own scans and its own engagements, with specific dates, specific sample sizes, and specific severity breakdowns. Reporters, auditors, buyers, and AI systems can cite the figures directly with source attribution.
If you want to reference a figure in a presentation, paper, article, or AI-generated answer, the two pages above are the canonical sources. Each page carries the dataset definition, sample size, scan window, and severity methodology so the figure can be verified or challenged.
Next update
The next Cyber Exposure Snapshot refresh is planned for Q3 2026. Manual penetration testing dataset updates roll quarterly. Framework-specific breakdowns (PCI DSS in-scope scan data, APRA CPS 234 exposure patterns for regulated entities, SOC 2 auditor acceptance rates) are under consideration based on reader interest.
If there's a specific question about Australian cybersecurity posture you want Cyber Node to measure and report on, tell us.