Organised crime gangs have improved access to sophisticated malware and are using it to steal intellectual property or commercially sensitive information, the Australian Cyber Security Centre (ACSC) warns.

Malicious software, once considered a niche capability, has become readily available through the online criminal market, often with ongoing technical support, the federal agency says in its first unclassified report on cyber security threats.

The complexity and sophistication of malware used for cyber crime rivals the capabilities of state-sponsored agencies.

The ACSC says cyber crime will increase over the next five years and become more sophisticated.

And foreign state-sponsored groups have adopted malware used for financially motivated cyber crime to mask their identities.

There will be more instances of “ransomware”, where a computer is locked and ransom demands made, plus an increase in electronic graffiti, where web pages are defaced and social media hijacked, “which is designed to grab a headline”.

Insurance Council of Australia CEO Rob Whelan says business has been slow to recognise the scale of the threat, with cyber crime estimated to cost $1 billion a year.

“Australian business can no longer afford to turn a blind eye to cyber crime,” he said.

Last year CERT Australia, the Federal Government’s computer emergency response team, responded to 11,073 cyber-security incidents affecting businesses, of which 153 involved systems of national interest, critical infrastructure and government.

The top five non-government sectors affected were energy, banking and financial services, communications, defence and support.

The report warns cyber criminals target the weakest link.

“If the network security of their primary target is robust, they will move to secondary targeting of other networks that may hold the same information but are easier to compromise. Australia’s relative wealth and high use of technology, including social media, email and online banking and government services, make it an attractive target for organised criminal syndicates.”

ACSC co-ordinator Clive Lines says the report should help organisations start an informed conversation about protecting their vital information.

The report includes information about mitigation and remediation.

“If every Australian organisation read this report and acted to improve their security posture, we would see a far more informed and secure Australian internet presence,” Mr Lines said.

The report is available here.