Australia faces rising cyber risk as threat actors surge ahead

In a year defined by ever-escalating cyber risks, the 2025 Microsoft Digital Defense Report offers a stark look at how threat actors — from cyber criminals to nation-state adversaries — are evolving faster than ever. According to the report, authored in part by Amy Hogan-Burney, Corporate Vice President for Customer Security & Trust at Microsoft, organisations around the globe must urgently modernise how they defend themselves.
The data reveals Australia ranked 10th globally among countries where Microsoft customers were most frequently impacted by cyber activity. Within the Asia-Pacific region, Australia ranked fourth among customers most frequently affected, accounting for nearly 10 percent of all impacted customers. The findings underline that Australia remains a significant target for cyber threat actors across both criminal and nation-state categories.
More than half of all cyberattacks with known motives — around 52 percent — were driven by financial gain, particularly through ransomware and extortion campaigns. Attacks focused purely on espionage accounted for only around 4 percent. This shows that most cyber activity is now profit-motivated, putting both public and private organisations at risk regardless of their strategic value.
Critical public services remain among the most frequently targeted, largely due to the essential services they provide, the sensitive data they hold, and the challenges of maintaining up-to-date security across complex systems and constrained budgets. For Australia, this includes state and territory health systems, utilities, transport, and local government.
Nation-state cyber operations are also expanding, driven increasingly by geopolitical objectives. The report notes that governments are increasingly leveraging criminal networks to carry out espionage or disruptive activities, a trend that further blurs the line between cybercrime and state-sponsored operations. This has particular implications for Australian organisations involved in defence, energy, and technology supply chains.
Artificial intelligence is transforming the cybersecurity landscape, being used by both attackers and defenders. Threat actors are using AI to scale their operations — automating phishing campaigns and refining social engineering — while defenders are using it to detect and block attacks faster, close detection gaps, and protect vulnerable users. The report emphasises that AI has become a necessary tool for security teams to keep pace with increasingly sophisticated threats.
Perhaps most critically, the report highlights that adversaries aren’t breaking in — they’re signing in. More than 97 percent of identity attacks are password-based, yet 99 percent of these can be blocked by implementing phishing-resistant multi-factor authentication. This statistic underscores how fundamental cyber hygiene and strong identity protection remain the most effective defences against compromise.
The report’s recommendations are clear. Cybersecurity must be elevated to the boardroom level as a core business risk. Organisations should adopt phishing-resistant multi-factor authentication, segment and secure critical systems, and invest in their people as much as their technology. Building a culture of cyber readiness and continuous improvement is vital.
Defensive use of AI and automation should be prioritised to detect and respond to attacks more rapidly, while collaboration across industry, government, and international partners remains essential to build collective resilience.
For Australia, the findings serve as a timely reminder of the country’s growing exposure to both cybercrime and nation-state activity. The nation’s digital transformation has brought great benefits, but it has also widened the attack surface. The Microsoft report makes clear that vigilance, innovation, and cooperation will be key to staying ahead in an increasingly contested digital world.
You can read the full report here.