A politician who spent years investigating the misuse of surveillance software had his own phone compromised by Pegasus spyware. That revelation, confirmed by security researchers this week, landed like a gut punch across the global cybersecurity community, and it didn't go unnoticed at La Trobe University's Bendigo campus, where a digital privacy seminar had already been scheduled for the first week of July.
The timing matters. We are living through a moment when the tools designed to protect ordinary people online are being tested, commercialised, abused and debated simultaneously. Browser ecosystems are fragmenting. Device interfaces are multiplying. And spyware that was once the exclusive preserve of nation-states is now available to a much wider range of bad actors. For Bendigo, a city that has grown a genuine technology sector over the past decade, these aren't abstract Silicon Valley problems.
Local Institutions Caught in the Middle
Bendigo's Centre for Excellence in Cyber Security, which operates out of a shared-space facility on View Street and partners with regional businesses from the Mitchell Street tech corridor, has been fielding a surge of enquiries since mid-June. Small and medium businesses, healthcare providers and local government contractors are all asking the same basic question: how do we know our devices aren't leaking data we never agreed to share?
The Bendigo Bank, headquartered on Pall Mall, updated its internal cybersecurity protocols in March 2026 after an external audit flagged vulnerabilities in mobile authentication workflows used by around 3,400 regional staff. That audit cost approximately $180,000 and took twelve weeks to complete, figures that give a sense of what serious security work actually costs, even before any breach occurs.
La Trobe Bendigo's computer science faculty has been running its Digital Rights and Responsibilities elective since 2024. Enrolments jumped 34 per cent between Semester 1 2025 and Semester 1 2026, according to university data released in May. Academics there argue that the problem isn't technology itself but the governance vacuum around it. Pegasus-style intrusions, they point out, are legal in some jurisdictions and flatly illegal in others, and Australia's own regulatory framework under the Privacy Act 1988 is straining to keep pace with commercial spyware that can silently extract messages, photos and microphone data from an unmodified smartphone.
The Promise and the Trap
None of this means people should throw their phones into the Bendigo Creek. Privacy-focused browsers, end-to-end encrypted messaging apps and hardware security keys genuinely reduce risk for most users. The question is whether the average resident of, say, Strathdale or Kangaroo Flat has the time, budget or technical literacy to navigate a security landscape that changes faster than most people change their passwords.
A 2025 survey by the Australian Cyber Security Centre found that 43 per cent of Australians had experienced at least one cybersecurity incident in the preceding twelve months, yet fewer than one in five had a current, tested backup of their most critical personal data. That gap, between threat awareness and actual protective behaviour, is where both the commercial security industry and ethically questionable surveillance operations find their opening.
For Bendigo residents and businesses, a few practical steps cut through the noise. Using a browser that doesn't share browsing history with an advertising network by default costs nothing. Enabling two-factor authentication on banking and email accounts takes under five minutes. The Bendigo Community House network, which runs digital literacy workshops across seven locations including the Golden Square neighbourhood, offers free sessions most Thursdays, and attendance, according to staff, has roughly doubled since early 2026.
The harder problem is structural. No individual security practice protects someone against a government or corporate actor with the resources and legal cover to deploy sophisticated intrusion tools. That requires regulation, transparency and political will, and right now, all three are in shorter supply than most cybersecurity experts would like.