The financial and insurance services sector accounted for 7% of all cyber incidents reported last financial year – the largest proportion among all industries.  

More than 84,700 cybercrimes were reported in the year to June, according to intelligence agency the Australian Signals Directorate. Among organisations, government made up 46% and private industry the rest.

The agency says the “vast majority” of cybercrimes continue to go unreported.

“Financial and insurance services rose to be the most frequently reporting non-government sector. Some of this rise is attributable to DDoS [distributed denial of service] activity targeting the financial sector.

“Cybercriminals are continuing their aggressive campaign of credential theft, purchasing stolen usernames and passwords from the dark web to access personal email, social media or financial accounts.”

The healthcare/social assistance, media/telecommunications, and professional, scientific and technical services sectors each accounted for 6% of reported cyber incidents.  

Next were transport, postal and warehousing, and education/training on 5% each, and construction and retail trade on 3% each.  

The average cost per report was $33,000 for individuals and $80,850 for businesses: for small business it was $56,600, with medium at $97,200 and large $202,700.  

Attacks on critical infrastructure made up 13% of all incidents. The top three business activity types in this category were financial and insurance services (32%), transport, postal and warehousing (26%) and media/telecommunications (16%).

The intelligence agency says critical infrastructure “will continue to be an attractive target for state-sponsored cyber actors, cybercriminals and hacktivists, largely due to large sensitive data holdings and the critical services that support Australia’s economy”.

Critical infrastructure operators were notified of potentially malicious cyber activity affecting their networks more than 190 times in the year, up 111%.

“The years ahead will bring challenges for organisations in emerging technology, such as post-quantum cryptography.

“Effective transition plans will be critical to operating in 2030 and beyond – a post-quantum computing world – and this planning must start now.”

See the report here. 

From the latest Insurance News magazine: How to unleash the power of AI without hallucinating your way into a scandal