The startling stats that reveal cybercrime’s impact on business
The Australian Signals Directorate has released its Annual Cyber Threat Report, which shows how an “increasing dependency on digital and internet-connected technology means Australia remains an attractive target for criminal and state-sponsored cyber actors”.
The directorate notes 84,700 attacks were logged through its ReportCyber program in 2024-25. That is about one every six minutes, similar to the previous year.
The average self-reported cost to individual breach victims was up 8% to $33,000, but the average cost to businesses soared by 50% to $80,850.
By business size, the cost – and the change against previous years – breaks down as follows ...
The directorate’s Australian Cyber Security Centre answered more than 42,500 calls to its cybersecurity hotline, up 16% on the previous year, and it notified entities more than 1700 times of potentially malicious cyber activity – an 83% increase.
The centre responded to 1253 incidents, up 11% on the previous year.
It ranks each of these on a scale from category 6 (least severe) to category 1 (most severe), considering both the level of impact and the significance of the organisation affected.
Last year's attack responses – by number and category – looked like this ...
The leading cybercrimes reported by businesses were email compromise that resulted in no financial loss (19%), business email compromise fraud that did result in financial loss (15%) and identity fraud (11%). Identity fraud led the way among individuals, at 30%, making it the top problem reported overall.
About 11% of all incidents the Australian Cyber Security Centre responded to included ransomware, consistent with the previous year.
As you might expect, the most populous states had the highest share of all cybercrime reports in 2024-25. Hotspots Queensland, Victoria and NSW recorded disproportionately higher rates relative to their populations, the annual round-up says.
Insurers a target
Of all the attack reports made by organisations, insurance and other financial services had the largest share outside government ...
“Financial and insurance services rose to be the most frequently reporting non-government sector,” the report notes, adding: “Some of this rise is attributable to DDoS activity targeting the financial sector.”
Denial of service (or DoS) attacks are designed to disrupt online services such as websites and email to stop legitimate users accessing them. DDoS (distributed denial of service) is a DoS attack using multiple computers or other internet-connected devices that direct network traffic at such services, effectively jamming them and shutting them down.
The Australian Cyber Security Centre responded to more than 200 incidents involving DoS or DDoS – up more than 280% on the previous year.
And as we can see, the insurance and finance sector reported its fair share ...
The directorate considers insurance and financial services to be a “critical infrastructure” operator. The report notes critical infrastructure “is, and will continue to be, an attractive target for state-sponsored cyber actors, cybercriminals and hacktivists, largely due to the sensitive data it holds and its role in providing services that support Australia’s national resilience, sovereignty and prosperity”.
The most common attack types leading to critical infrastructure incidents were ...
And the top three sectors by report number were ...
Scoring goals
The directorate also categorises cyber incidents using the MITRE ATT&CK framework – “an open-source knowledge base of adversary tactics and techniques ... which provide a common language for describing, understanding and analysing cyber threats”.
Each behaviour is described by the technique used – the adversary’s “approach” – and the tactic, or ultimate goal. Reported techniques (and goals) used against industry in 2024-25 broke down as follows ...
Resilience the key
The report says state-sponsored cyberattackers “continue to pose a serious and growing threat to our nation. They target networks operated by Australian governments, critical infrastructure and businesses for state goals.
“The threat from cybercrime also continues to challenge Australia’s economic and social prosperity, with average reported financial losses, the frequency of ransomware attacks and the number of reported data breaches all increasing throughout 2024–25.”
And it warns:
“The threat environment ... underscores the need for all Australian individuals, private and public entities to take action to uplift our cyber resilience at every level.”