ASD CYBER THREAT REPORT 2023-2024

Hands typing on a laptop with floating data visualisations, representing cybersecurity and data analysis. The image illustrates insights from the ASD Cyber Threat Report 2023-2024, highlighting trends, impacts, and responses to cybercrime affecting Australia.

What is it?

The Australian Signals Directorate (ASD) Cyber Threat Report 2023-2024 was released on 20th November, which has collated data on cyber incidents in Australia over the last financial year. It gives a comprehensive review of the current cyber threats impacting the Australian government, citizens, and their businesses. The types, costs, impact, and number of cybercrimes for the past year have been analysed and produced for the public to gain a better understanding of the cybercrime landscape.

Cybercriminals are continuing to adapt in order to compromise Australian networks, and as such, the government has committed billions of dollars to develop better visibility of threats, more resilient infrastructure, new intelligence functions, and cyber operations.

What does the report tell us?

  • Answered over 36,700 calls to the Australian Cyber Security Hotline, up 12%
  • Average self-reported cost of cybercrime per report for individuals, up 17% ($30,700)
  • Average self-reported cost of cybercrime per report for businesses, down 8% overall
    • small business: $49,600 (up 8%)
    • medium business: $62,800 (down 35%)
    • large business: $63,600 (down 11%)
  • Received over 87,400 cybercrime reports, down 7%
  • Publicly reported common vulnerabilities and exposures increased 31%
    11% of all incidents responded to included ransomware, a 3% increase from last year

Top cybercrime types for individuals

  • Identity fraud: 26%
  • Online shopping fraud: 15%
  • Online banking fraud: 12%

Top cybercrime types for businesses

  • Email compromise: 20%
  • Business email compromise (BEC) fraud: 13%
  • Online banking fraud: 13%

BEC fraud continues to significantly hurt businesses. With the self-reported losses nearly reaching $84 million, this averages to $55,000 per confirmed incident.

Australian critical infrastructure also remains a popular target for cybercriminals. In order to deliver essential services to all Australians, organisations are required to hold sensitive data within technology and systems that are becoming increasingly interconnected. This makes it a key area that cybercriminals seek to exploit.

ASD reported that 11% of cyber security incidents were related to critical infrastructure.

The 3 most common cyber security incident types affecting Australian critical infrastructure organisations were:

  • compromised account or credentials (32%)
  • malware infection (other than ransomware) (17%)
  • compromised asset, network or infrastructure (12%)

The causes of these attacks range from espionage to financial gain, and, unfortunately, Australian’s should work on the basis of ‘when’ a cyber incident will occur, not ‘if’.

What do we do with this?

The sheer volume of cyberthreats means it requires a collaborative effort to defend against them. It is crucial that all incidents are reported, and everyone plays their part in bolstering Australia’s security.

ASD encourages citizens and businesses to apply more cybersecurity measures in their everyday lives. Protect your data and systems by practising good cyber hygiene:

  • ensure multi-factor authentication is used wherever available
  • use unique passwords and passphrases, and change them regularly
  • ensure backups are current
  • make sure all your devices up to date
  • educate yourself and your staff how to recognise scams and phishing attempts

To read the full report, visit the Australian Signals Directorate website:
https://www.cyber.gov.au/about-us/view-all-content/reports-and-statistics/annual-cyber-threat-report-2023-2024

If you have any questions or concerns, send them through to [email protected] and we’re happy to answer what we can!

Share:

More Posts