Highlights:
- In FY 21, the Australian Cyber Security Centre received over 67,500 reports of cybercrime
- A quarter of cyber incidents associated with Australia’s critical infrastructure or essential services
- Cybercrime incidents increased by 13% last year
- Self-reported losses from cybercrime totalled over $33 billion
Self-reported losses from cybercrime in Australia were over $33 billion last year. The frequency and impact of cyberattacks goes hand in hand with a massive cybersecurity skills shortage. Australia will need 7,000 cybersecurity professionals by 2024, notes Australia’s Cyber Security Sector Competitiveness Plan.
The increase in volume of cybercrime reporting equates to one report of a cyber attack every 8 minutes compared to one every 10 minutes last financial year.
A higher proportion of cyber security incidents this financial year was categorised by the ACSC as ‘substantial’ in impact.
The increasing frequency of cybercriminal activity is compounded by the increased complexity and sophistication of their operations. The accessibility of cybercrime services – such as ransomware-as-a-service (RaaS) – via the dark web increasingly opens the market to a growing number of malicious actors without significant technical expertise and without significant financial investment.
No sector of the Australian economy was immune from the impacts of cybercrime and other malicious cyber activity.
Government agencies at all levels, large organisations, critical infrastructure providers, small to medium enterprises, families and individuals were all targeted over the reporting period – predominantly by criminals or state actors.
The key threats identified by the Australian Cyber Security Centre:
- Exploitation of the pandemic environment by the malicious actors
- Disruption of essential services and critical infrastructure:
- Ransomware has grown in profile and impact, and poses one of the most significant threats to Australian organisations.
- Rapid exploitation of security vulnerabilities
- Security Vulnerabilities
- Supply chains
- Business Email Compromise
Also read: Gartner’s Most Important Cyber Security Trends For 2022
‘We haven’t invested enough in Cybersecurity’
“We just haven’t made enough investment and don’t have enough people to fight cybercrime at scale,” says Cybersecurity leader at EY Oceania. “And Australia needs to rapidly change the equation on that.”
Around 85% of Cyber Security leaders in Australia think outdated security approaches are failing in the face of modern threats. Only 40% were confident their security tools would protect them against sophisticated attacks.
However, since the introduction of the Security Legislation Amendment (Critical Infrastructure Protection) Bill in 2020, EY believes more organisations are realising the need to rapidly strengthen their sovereign cybersecurity capabilities.
“We’ve seen a number of organisations increase their funding fivefold or tenfold for a cybersecurity transformation program, or an uplift program, to deal with the changes in the Critical Infrastructure Act,” he says.
Recommended reading: Is Cybersecurity Innovation in Australia lagging behind?
