Australia is under constant cyberattack, with an increasingly sophisticated and persistent threat environment, according to a new report into cyber incidents and financial losses over the past year that was released this week.
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) Annual Report for FY2023-24 revealed the Australian Cyber Security Hotline received more than 36,700 calls in the past year, a 12% increase from the previous year.
In total, more than 1,100 cyber security incidents were reported to the ACSC, underscoring the growing challenges of defending Australia’s critical networks and systems against a rising tide of cyberattacks.
According to AUCyber CEO Peter Maloney the cyber threat environment in Australia has become more complex and dangerous. He emphasised that Australian organisations were now contending with both traditional cybercriminals and contemporary players using sophisticated tactics.
“The cyber threat environment in Australia has never been more complex,” Maloney said. “We’re not just dealing with traditional cybercriminals; state-sponsored actors, with far more sophisticated capabilities, are actively targeting our critical infrastructure and government networks. The strategic threats we face today are on a scale that hasn’t been seen since World War II.”
The report also highlights the increasing sophistication of cybercriminals, who are now using emerging technologies like artificial intelligence to bypass traditional defence measures.
Business email compromise, online banking fraud, and ransomware continue to be the most common types of cybercrime faced by Australians, with the financial impact steadily rising. In FY2023-24, the average loss per cybercrime incident reported by individuals jumped by 17%, reaching AUD30,700.
“While the financial toll of cybercrime is staggering, the broader impact on trust and security and flow on effect is even more concerning,” Maloney said. “The financial cost of cybercrime is staggering, but the true price is the erosion of trust in our systems. The fact that individuals are losing tens of thousands of dollars, and businesses are continuously targeted by cybercriminals, is a call to action for every organisation to take cyber security seriously.”
The report also highlights the continued threat posed by state-sponsored cyber actors, particularly from China and Russia. These countries have been increasingly targeting Australian networks for espionage, disruption, and to exert geopolitical influence. The report notes that China is leveraging living off the land techniques, which involve exploiting native tools within systems, while Russia is adapting its cyber tactics to exploit cloud platforms.
One of the most concerning findings in the report is the vulnerability of Australia’s critical infrastructure. More than 11% of the cyber incidents reported to ASD in FY2023-24 involved critical infrastructure, highlighting the high stakes for national security and the economy. Cyberattacks on these networks could disrupt essential services, impacting millions of Australians.
“Critical infrastructure remains a prime target for cyber attackers due to the catastrophic impact a successful attack could have on essential services,” said Maloney. “We need to be proactive in reinforcing these systems, as the cost of inaction could be devastating.”
In response to the growing threat, the Australian Government has taken significant steps to bolster its cyber defence. For the first time, the government used its autonomous cyber sanctions framework to target two Russian nationals involved in cybercrime activities.
Maloney stressed that addressing cyber security threats required strong collaboration between government, industry, and international partners.
“Collaboration remains our strongest weapon against cyber threats,” he said. “No single organisation can tackle these issues alone. That’s why strong partnerships between industry, government, and the international community are essential in building a resilient defence against these ever-evolving threats,” he said.
Cyber Security is an ongoing challenge that requires constant investment in new technologies, practices, and training. Australian organisations need to adopt a proactive stance by regularly updating ICT systems, following best practices like the ACSC Essential Eight, and preparing detailed incident response plans.
“Cyber security is not a one-off fix,” added Maloney. “It requires continuous investment in the latest technologies, practices, and training. We must be ready for the ‘when not the if’ of a cybersecurity incident. Our resilience depends on it.”
