Revealed: Shocking cost of cyber attacks on Australian businesses
Australians are being hit with a new crime every six minutes that is costing thousands of dollars, and experts say there is a way to avoid it.
Australia’s intelligence agency receives a cybercrime report every six minutes, with almost half of all breaches now linked to the use of stolen passwords and usernames rather than hacking.
Major threats include espionage targeting critical infrastructure and widespread organised crime using compromised credentials to access accounts to steal money, data or demand ransoms, according to the Australian Signals Directorate (ASD) annual cyber threat report for 2024-25 released on Tuesday.
The ASD received about 84,700 cyber crime reports last financial year, and notified critical infrastructure entities like telcos, water, energy and transport networks of potential malicious cyber activity more than 190 times — an increase of 111 per cent.
About 42 per cent of cyber breaches impacting large organisations, government, academia or supply chains involved the use of compromised or stolen credentials to gain unauthorised access.
The average self-reported cost of a cybercrime has skyrocketed by 219 per cent for big business to $202,700, while medium businesses have experienced a 55 per cent increase to $97,200.
Businesses and government organisations are being urged to bolster their cyber security amid increased threats from malicious state actors.
Last year, the ASD detected China-linked cyber groups had compromised thousands of internet-connected devices, including home routers, to create a network of “bots” through which they could hide their malicious activity targeting businesses, critical infrastructure and government departments.
The report has also highlighted the threats to key sectors like telecommunications and healthcare, pointing to an incident last year involving an e-prescription service targeted by cyber criminals who stole the personal and health information of about 12.9 million Australian customers.
ASD director Abigail Bradshaw said state-sponsored cyber actors posed a “serious and growing threat” as they were “increasingly targeting Australia”.
Ms Bradshaw has urged businesses prepare for “post-quantum cryptography” by strengthening encryption used to guard sensitive data and communications.
The ASD is assuming super-fast computers will be able to crack current encryption methods, which essentially protect privacy by scrambling data as it is sent through the internet, by 2030.
Acting Prime Minister Richard Marles said the threat report has again shown the urgency of industry and government working together to lift Australia’s cyber defences.
“The report makes clear that malicious actors have been working unseen to steal data and demand ransom payments from Australian victims, or to target our most critical networks for disruptive assessments,” he said.
Home Affairs and Cyber Security Minister Tony Burke urged Australians to install the latest software updates, enable multifactor authentication wherever available and use unique passwords.
“And if you receive an unexpected cold call, hang up and call back through the official line,” he said.
“Most cyber incidents are preventable, and basic defensive measures make a huge difference.”
More Coverage
Originally published as Revealed: Shocking cost of cyber attacks on Australian businesses
