The Australian Signals Directorate’s (ASD) Annual Cyber Threat Report for 2023-24 highlights Australia’s evolving cyber threat landscape.
This threat landscape aligns with the challenging strategic environment outlined in the 2024 National Defence Strategy and the 2023 Cyber Security Strategy, with strategic competition being accompanied by technological developments including in cyber capabilities.
This year’s report details how malicious state and non-state cyber actors continue to target Australian governments, critical infrastructure, businesses and individuals, including for the purposes of espionage, disruptive effects and financial gain.
While the number of cyber incidents being reported remains steady, the report shows the impact and costs of cybercrime to Australian small businesses and individuals are increasing.
“The ASD Annual Cyber Threat Report comes amid a continued deterioration in Australia’s strategic environment,” said Minister for Defence Richard Marles. “In this context, ASD plays a key role in countering threats in the cyber domain. The continued cooperation of Australian businesses and individuals is also crucial to defending our country from cyber threats.”
Key findings from the report include:
- ASD received over 36,700 calls to its Australian Cyber Security Hotline, an increase of 12% from 2022-23;
- ASD received over 87,000 reports of cybercrime over the financial year, an average of a report every six minutes;
- 11% of the 1,100 cyber security incidents ASD responded to related to critical infrastructure; and
- The average cost of cybercrime for small businesses rose by 8% from last year to AUD49,600 per report and by 17% for individuals to AUD30,700 per report.
This year’s report reinforces the importance of having close public and private sector partnerships to effectively bolster Australia’s cyber defences. It also highlights the need for all Australians to play their part in protecting our nation’s cyber security.
The Australian Government has committed AUD15-$20 billion over the next decade in the 2024 Defence Integrated Investment Program to enhance our cyber domain capabilities. This includes prioritising funding for REDSPICE to enhance ASD’s cyber and signals intelligence capabilities.
It has also committed AUD586.9 million to delivery of the 2030 Cyber Security Strategy, appointed the nation’s first Cyber Security Coordinator, developed a first stand-alone Cyber Security Act and strengthened the Security of Critical Infrastructure (SOCI) Act, made attributions against foreign actors, created the Executive Cyber Council, and used the Protective Security Policy Framework to uplift commonwealth cyber security.
The government has also taken steps to deter cybercriminals and hold them to account, including by using for the first time Australia’s autonomous cyber sanctions framework to impose cyber sanctions on Russian criminals.
“This report underlines the urgency of our systemic response to the cyber security threat,” said Minister for Home Affairs and Cyber Security Tony Burke. “This is our fastest-growing threat and we need to use all the tools available to government and business to confront it. This report only reinforces the importance of the cyber security legislation current before the parliament.”