Australia’s cyber security landscape has become more perilous, with a new report revealing a dramatic rise in cyber incidents and financial losses over the past year. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) annual report for FY2023-24 paints a stark picture of an increasingly sophisticated and persistent threat environment.
The report reveals that the Australian Cyber Security Hotline received over 36,700 calls in the past year, a 12% increase from the previous year. In total, more than 1,100 cyber security incidents were reported to the ACSC, underscoring the growing challenges of defending Australia’s critical networks and systems against a rising tide of cyberattacks.
Cyber Threats Escalating
According to Peter Maloney, CEO of AUCyber, the cyber threat environment in Australia has become more complex and dangerous. Maloney emphasised that Australian organisations are now contending with both traditional cybercriminals and state-sponsored actors, who are employing far more sophisticated tactics to target critical infrastructure and government networks.
“The cyber threat environment in Australia has never been more complex,” Maloney said. “We’re not just dealing with traditional cybercriminals; state-sponsored actors, with far more sophisticated capabilities, are actively targeting our critical infrastructure and government networks. The strategic threats we face today are on a scale that hasn’t been seen since World War II.”
The report also highlights the increasing sophistication of cybercriminals, who are now using emerging technologies like artificial intelligence to bypass traditional defence measures. Business email compromise, online banking fraud, and ransomware continue to be the most common types of cybercrime faced by Australians, with the financial impact steadily rising. In FY2023-24, the average loss per cybercrime incident reported by individuals jumped by 17%, reaching $30,700.
Rising Costs and Growing Risks
“While the financial toll of cybercrime is staggering, the broader impact on trust and security and flow on effect is even more concerning,” Mr. Maloney said.
“The financial cost of cybercrime is staggering, but the true price is the erosion of trust in our systems. The fact that individuals are losing tens of thousands of dollars, and businesses are continuously targeted by cybercriminals, is a call to action for every organisation to take cyber security seriously.”
The report also highlights the continued threat posed by state-sponsored cyber actors, particularly from China and Russia. These countries have been increasingly targeting Australian networks for espionage, disruption, and to exert geopolitical influence. The report notes that the People’s Republic of China (PRC) is leveraging “living off the land” techniques, which involve exploiting native tools within systems, while Russia is adapting its cyber tactics to exploit cloud platforms.
Critical Infrastructure at Risk
One of the most concerning findings in the report is the vulnerability of Australia’s critical infrastructure. More than 11% of the cyber incidents reported to ASD in FY2023-24 involved critical infrastructure, highlighting the high stakes for national security and the economy. Cyberattacks on these networks could disrupt essential services, affecting millions of Australians.
“Critical infrastructure remains a prime target for cyber attackers due to the catastrophic impact a successful attack could have on essential services,” Maloney commented. “We need to be proactive in reinforcing these systems, as the cost of inaction could be devastating.”
Government and Industry Responses
In response to the growing threat, the Australian Government has taken significant steps to bolster its cyber defence. For the first time, the government used its autonomous cyber sanctions framework to target two Russian nationals involved in cybercrime activities. This move underscores Australia’s commitment to protecting its citizens and deterring malicious actors.
Maloney stressed that addressing cyber security threats requires strong collaboration between government, industry, and international partners.
“Collaboration remains our strongest weapon against cyber threats. No single organisation can tackle these issues alone. That’s why strong partnerships between industry, government, and the international community are essential in building a resilient defence against these ever-evolving threats,” he said.
Preparing for the Future
Cyber Security is an ongoing challenge that requires constant investment in new technologies, practices, and training. Australian organisations need to adopt a proactive stance, by regularly updating ICT systems, following best practices like the ACSC Essential Eight, and preparing detailed incident response plans.
“Cyber security is not a one-off fix. It requires continuous investment in the latest technologies, practices, and training. We must be ready for the ‘when’—not the ‘if’—of a cybersecurity incident. Our resilience depends on it,” Maloney said.
As the cyber threat environment continues to evolve, the ASD encourages all Australians to report suspicious cyber activity through the Australian Cyber Security Hotline (1300 CYBER1) or ReportCyber at cyber.gov.au.
Download your copy of Annual Cyber Threat Report 2023-2024.
