1300 787 267

Cyber Threats in Australia: 2024–2025 Insights for Businesses

Cyber threats in Australia are increasing in both frequency and impact. The Australian Signals Directorate (ASD) has released the Annual Cyber Threat Report 2024–25, providing insights into the digital risks facing businesses of all sizes. This guide summarises the report’s key findings and what small and medium business owners need to know.

Why Cyber Security Matters

Australia’s extensive use of digital technology makes businesses and organisations attractive targets for cyber actors. These include:

  • State-sponsored actors, targeting government networks, critical infrastructure, and private businesses for espionage or disruption.
  • Cybercriminals, aiming for financial gain through tactics such as identity theft, ransomware, and business email compromise.

The report highlights that cyber threats are growing in sophistication, requiring businesses to take proactive steps to protect their networks, systems, and data.

Key Statistics from 2024–25

  • 42,500 calls to the Australian Cyber Security Hotline, averaging 116 calls per day (up from 100 per day the previous year).
  • 1,200 cyber security incidents responded to by ASD’s Australian Cyber Security Centre, an 11 per cent increase.
  • 1,700 notifications sent to organisations about potentially malicious activity, up 83 per cent.
  • Financial impact on businesses:
    • Small business: average loss $56,600 (up 14%).
    • Medium business: average loss $97,200 (up 55%).
    • Large business: average loss $202,700 (up 219%).

These figures underline the growing cost and frequency of cyber incidents across all business sizes.

Common Incident Types

The report identified the top incident types affecting different sectors:

Critical infrastructure:

  • Compromised asset/network/infrastructure 55%
  • Denial of Service (DoS/DDoS) 23%
  • Compromised account/credentials 19%

Government (federal, state, local):

  • Compromised asset/network/infrastructure 37%
  • DoS/DDoS 16%
  • Malware (non-ransomware) 15%

Business:

  • Email compromise (no financial loss) 19%
  • Business email compromise fraud 15%
  • Identity fraud 11%

Individuals:

  • Identity fraud 30%
  • Online shopping fraud 13%
  • Online banking fraud 10%

Emerging Trends

The 2024–25 report also highlights several emerging cyber threats:

  • Ransomware: 11 per cent of incidents included ransomware.
  • Denial of Service attacks: more than 200 incidents, up 280 per cent from last year.
  • Publicly reported vulnerabilities increased by 28 per cent.
  • Artificial Intelligence (AI) is enabling attacks on a larger scale and at a faster rate.
  • Living off the land (LOTL) techniques remain common, where attackers use built-in system tools to avoid detection.

Actions Recommended for Businesses

The ASD report provides clear guidance for improving cyber resilience:

  • Implement strong multi-factor authentication.
  • Use unique, strong passwords or passphrases.
  • Keep all software up to date.
  • Be vigilant for phishing emails and scams.
  • Regularly back up data to reduce the impact of incidents.
  • For operational technology, isolate vital systems and maintain a recovery plan.
  • Focus on critical assets and sensitive data.
  • Prepare for future technologies, including post-quantum cryptography and safe AI integration.

Final Thoughts

Cyber threats in Australia are real, growing, and increasingly sophisticated. Small and medium businesses are not immune. By understanding the risks outlined in the 2024–25 ASD report and taking practical steps to improve cyber security, businesses can reduce the likelihood of costly incidents and protect their operations.


Source: ASD Cyber Threat Report 2024-25

Get In Touch

At Rachis, we’re here to support you — let us know how we can help.