Cybercrime is a persistent and disruptive threat, and the impact on small businesses and individuals are increasing. This report details how malicious state and non-state cyber actors are targeting Australian governments, critical infrastructure, businesses and individuals for the purposes of espionage, disruption and financial gain. 

This year’s report reinforces the importance of having close public and private sector partnerships to effectively bolster Australia’s cyber defences. It also highlights the need for all Australians to play their part in protecting our nation’s cyber security.

Key findings 

• The average Australian household has 12 or more devices connected to the internet, and are spending more time online than ever before.
• The Australian Signals Directorate (ASD) received over 36,700 calls to its Australian Cyber Security Hotline, an increase of 12 per cent from 2022-23.
• ASD received over 87,000 reports of cybercrime over the financial year, an average of a report every six minutes.
• 11 per cent of the 1,100 cyber security incidents ASD responded to related to critical infrastructure.
• The average cost of cybercrime for small businesses rose by 8 per cent from last year to $49,600 per report, and by 17 per cent for individuals to $30,700 per report. 
• Artificial intelligence is being used by cybercriminals to conduct increasingly targeted attacks.

Recommendations

• Consider cyber security when implementing new technologies and follow ASD’s best-practice cyber security advice.
• Ensure products and services are secure-by-design and secure-by-default.
• Critical infrastructure organisations should adopt a stance of 'when' not 'if' a cyber security incident will occur.
• All organisations should have a cyber security incident response plan and test it regularly to ensure an effective response and fast recovery.