The $98m cybercrime epidemic: Aussie businesses hit every seven minutes

The $98m cybercrime epidemic: Aussie businesses hit every seven minutes

Cybercrime is on the rise in Australia with a federal government report revealing businesses were being hit every seven minutes in FY22, up from every eight minutes a year earlier.

The Australian Cyber Security Centre’s (ACSC) annual Cyber Threat Report 2021-22 reveals that cybercrime cost businesses $98 million last financial year, with medium-sized businesses the hardest hit.

Some 76,000 cybercrimes were reported during the year, an increase of 13 per cent on a year earlier, but medium sized business lost an average of $88,000 for every crime reported. This compares with $39,000 for small businesses and $62,000 for larger corporations.

“Over the 2021–22 financial year, the deterioration of the global threat environment was reflected in cyberspace,” says the report which was compiled with the assistance of the Defence Intelligence Organisation, Australian Federal Police, Australian Criminal Intelligence Commission and Australian Security Intelligence Organisation.

“This was most prominent in Russia’s invasion of Ukraine, where destructive malware resulted in significant damage in Ukraine itself, but also caused collateral damage to European networks and increased the risk to networks worldwide.

“In Australia, we also saw an increase in the number and sophistication of cyber threats, making crimes like extortion, espionage, and fraud easier to replicate at a greater scale.”

The ACSC report says cyberspace has become a ‘battleground’ with threats also identified from China and Iran over the past year.

“Regional dynamics in the Indo-Pacific are increasing the risk of crisis and cyber operations are likely to be used by states to challenge the sovereignty of others,” it says.

Fraud, online shopping and online banking were the most reported cybercrimes, accounting for 54 per cent of all reports during the year. The report also warns that between 150,000 and 200,000 small office and home office routers in Australian homes and small businesses are vulnerable to compromise.

The report says ransomware remains the most destructive cybercrime against businesses and it warns that critical infrastructure networks globally are increasingly being targeted.

“Both state actors and cybercriminals view critical infrastructure as an attractive target,” says the report.

“The continued targeting of Australia’s critical infrastructure is of concern as successful attacks could put access to essential services at risk. Potential disruptions to Australian essential services in 2021–22 were averted by effective cyber defences, including network segregation and effective, collaborative incident response.”

The report says the ‘rapid exploitation of critical public vulnerabilities’ has become the norm for organisations and individuals.

“Malicious actors persistently scanned for any network with unpatched systems, sometimes seeking to use these as entry points for higher value targets. The majority of significant incidents ACSC responded to in 2021–22 were due to inadequate patching.”

During the year, the ACSC says it took down more than 15,000 domains hosting malicious software that specifically targeted Australia’s COVID-19 vaccine rollout.

Although the ACSC estimates cybercrime to have cost Australian businesses $98 million last financial year, it suggests that this figure could be much higher.

“As the volume of cybercrime increases, cybercriminal methodology evolves, and digital transactions blur national borders, it is becoming increasingly difficult to accurately estimate the total cost of cybercrime,” the report says.

Enjoyed this article?

Don't miss out on the knowledge and insights to be gained from our daily news and features.

Subscribe today to unlock unlimited access to in-depth business coverage, expert analysis, and exclusive content across all devices.

Support independent journalism and stay informed with stories that matter to you.

Subscribe now and get 50% off your first year!

Four time-saving tips for automating your investment portfolio
Partner Content
In today's fast-paced investment landscape, time is a valuable commodity. Fortunately, w...

Related Stories

Medibank confirms cybercriminal has taken customer data

Medibank confirms cybercriminal has taken customer data

Private health insurer Medibank Private (ASX: MPL) has this morning...

Australian Cyber Security Centre reports multiple victims of LockBit 2.0 ransomware

Australian Cyber Security Centre reports multiple victims of LockBit 2.0 ransomware

A ransomware attack called LockBit 2.0 has hit multiple organisat...

Business email compromise scams cheat Australians out of $79m

Business email compromise scams cheat Australians out of $79m

The rise of remote working has been exploited by scammers who hav...

Cybersecurity is a business risk, not an IT problem

Cybersecurity is a business risk, not an IT problem

A cyber attack on a business is about more than technology. The ...