
Top 10 Insights from the Annual Cyber Threat Report 2023–2024: A Business Perspective


For the cyber enthusiast among us, the Annual Cyber Threat Report by the Australian Signals Directorate (ASD) always provides fascinating insights.

The latest 78-page report is full of large numbers – but none of these are particularly surprising considering the increasing sophistication of hackers.

Below I have outlined what I believe are the top 10 “numbers” business owners should be aware of. Additionally, I have added what you can do to mitigate your risks against becoming a statistic.

1. In FY2023–24, ASD received over 36,700 calls to its Australian Cyber Security Hotline, an increase of 12% from the previous financial year.

The rise in calls to the Australian Cyber Security Hotline underscores both a growing number of threats and a growing awareness of cyber threats across Australia. While this is a positive sign of vigilance, it also highlights the increasing challenges businesses face in securing their digital environments.

For Australian SMEs, this is a reminder that cyber criminals increasingly target smaller organisations due to limited defences.

What can you do?

  • Act Now, Not Reactively: Don’t wait for a breach to address your cyber security. Proactive measures like regular system updates and multi-factor authentication can prevent most common attacks.
  • Leverage Resources: The Australian Cyber Security Hotline is a valuable resource – get familiar with the hotline here: https://www.cyber.gov.au/about-us/about-asd-acsc/contact-us#no-back
  • Invest in Training: Human error remains a leading cause of breaches. Training your staff to recognise phishing attempts and secure their devices is an investment in your business’s resilience.

2. Average cost of cyber crime to small business up 8% to $49,600

 

The average cost of cyber crime for small businesses has risen to $49,600, an 8% increase, highlighting the growing financial burden on SMEs. Interestingly, while costs have decreased for medium and large businesses, smaller organisations are bearing a greater share of the impact.

 This could be attributed to limited resources for prevention and recovery, making small businesses attractive targets.

What can you do?

  • Understand the Costs: Beyond the financial hit, cyber incidents can damage reputation and disrupt operations. Prevention is far less costly than recovery.
  • Invest in Security: Affordable measures like multi-factor authentication, secure backups, and robust endpoint protection can greatly reduce risks.
  • Be Prepared: Develop an incident response plan. Quick action can minimise the financial and operational damage of a breach.

3. Average self-reported cost of cyber crime per report for individuals, up 17% ($30,700)

 

The 17% rise in the average cost of cyber crime for individuals, now at $30,700, reflects the increasing sophistication of cyber criminal tactics. Scammers are evolving their methods to exploit vulnerabilities, often targeting individuals with highly convincing phishing scams, identity theft, and social engineering. This trend has direct implications for small and medium business owners.

Key Considerations for SMEs:

  • Sophisticated Attacks Affect Everyone: Cyber criminals often target employees and customers to gain access to business systems. Be aware that seemingly personal attacks can pose a direct risk to your organisation.
  • Strengthen Defences: Invest in advanced cyber defences like endpoint security and behavioural monitoring to detect and block more sophisticated threats.
  • Raise Awareness: Educate employees about emerging threats such as deepfake scams or spear-phishing attacks. Informed teams are your first line of defence against evolving cyber risks.

4. Business Email Compromise (BEC) now accounts for 20% of all reported cyber crime from businesses

Business Email Compromise (BEC) with no financial loss now accounts for 20% of all reported cyber crime from businesses. BEC fraud, where there was a financial loss, accounts for an additional 13% of reported crimes.

This highlights the significant risk email compromise poses, particularly for SMEs, which often rely heavily on email for critical communications and transactions. The report further highlighted that overall, when there was a financial loss involved with BEC, the average cost was $55,000 per confirmed incident.

Cyber criminals are increasingly exploiting trust within email correspondence, leading to costly mistakes that can severely impact a business’s operations and reputation.

What can you do?

  • Understand the Threat: BEC attacks are highly targeted and often sophisticated. Beyond financial losses, they can disrupt business operations and damage trust with clients and partners.
  • Enhance Email Security: Simple measures like multi-factor authentication, email filters, and anti-spoofing protocols (SPF, DKIM, DMARC) can significantly reduce your risk.
  • Verify Transactions: Always confirm requests for payments or changes in bank details through a secondary, trusted communication method.
  • Educate Your Team: Regularly train staff to recognise phishing attempts and fraudulent emails. Awareness is a key defence against email compromise.

5. Small Business Owners are twice as likely as employees to be the victim of ransomware

 

The ASD included research from the Australian Institute of Criminology (AIC), which stated that small to medium business owners are more than four times as likely to fall victim to ransomware attacks compared to individuals who are neither business owners nor employees. Owners also face nearly double the risk of ransomware attacks compared to their employees.

This heightened risk reflects the growing focus cyber criminals place on decision-makers within SMEs, who often hold the keys to critical business data and financial resources. Attackers know that business owners are more likely to pay ransoms quickly to minimise operational disruptions, making them attractive targets.

What can you do as a business owner?


6. 11% of all incidents responded to included ransomware, a 3% increase from last year

The rise in ransomware incidents is a harsh reminder that no business is immune. Ransomware remains one of the most persistent and damaging threats, with attackers continuing to evolve their tactics to target businesses of all sizes.

For SMEs, the growing prevalence of ransomware is particularly concerning. Limited resources and less robust defences often leave SMEs more vulnerable, while the impact of downtime or data loss can be devastating.

What can you do?

  • Understand that Ransomware is Growing: The increase in ransomware incidents shows that attackers are becoming more aggressive. Businesses can start to prioritise defences against this evolving threat with training and education.
  • Invest in Recovery Measures: Secure, regular backups stored offline are vital for recovering quickly without paying a ransom.
  • Strengthen Frontline Defences: Tools like multi-factor authentication, email filtering, and endpoint detection can stop ransomware before it infiltrates your systems.
  • Prepare for the Worst: Develop an incident response plan so your team knows what to do if an attack occurs, minimising downtime and damage.

7. In FY2023–24, 8% of all cyber security incidents responded to by ASD included brute force-related activity.

 

Password breaches are still a major cause of cyber attacks. This highlights the ongoing threat posed by attacks like credential stuffing and password spraying, which exploit weak or poorly managed password practices to gain unauthorised access.

Poor practices, such as sharing passwords or reusing weak ones across platforms, significantly increase vulnerability to brute force attacks.

What can you do?

  • Strong, Unique Passwords: Enforce policies requiring strong, unique passwords for all accounts, and encourage the use of passphrases for better security.
  • Adopt Multi-Factor Authentication (MFA): MFA adds an essential layer of security, ensuring that even if passwords are compromised, access is still restricted.
  • Monitor for Suspicious Activity: Use tools to detect unusual login attempts or failed logins, which can signal brute force attempts in progress.
  • Password Management Tools: Implement secure password managers to help employees create and manage unique passwords without the need for memorisation.
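
The "Monitor for Suspicious Activity" item can be made concrete with a small detector over login events. This is an added example, not part of the original article: the event format, thresholds and sample data are assumptions constructed for illustration, and the many-accounts pattern covers both password spraying and credential stuffing, which look alike from the failed-login side.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (timestamp, source IP, username, outcome); not real logs.
# Source addresses come from the reserved documentation ranges.
SAMPLE = (
    [("2024-07-01T09:00:%02d" % i, "203.0.113.7", "user%d" % i, "fail") for i in range(12)]
    + [("2024-07-01T09:05:%02d" % i, "198.51.100.9", "alice", "fail") for i in range(10)]
    + [("2024-07-01T09:06:00", "198.51.100.9", "alice", "ok"),
       ("2024-07-01T09:07:00", "192.0.2.4", "bob", "fail")]
)

def detect(events, window=timedelta(minutes=10), spray_users=10, brute_fails=8):
    """Return (source, pattern, success_seen) for sources with bursts of failed logins.

    Thresholds are illustrative assumptions; tune them to your own baseline.
    """
    by_source = defaultdict(list)
    for ts, ip, user, outcome in events:
        by_source[ip].append((datetime.fromisoformat(ts), user, outcome))
    alerts = []
    for ip, rows in sorted(by_source.items()):
        rows.sort()
        fails = [(t, u) for t, u, o in rows if o == "fail"]
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1                      # slide the window forward
            counts = Counter(u for _, u in fails[start:end + 1])
            if len(counts) >= spray_users:
                kind = "many-accounts"          # spraying / stuffing shape
            elif max(counts.values()) >= brute_fails:
                kind = "single-account"         # repeated guesses at one user
            else:
                continue
            # A success from the same source after the burst began needs urgent review.
            success = any(o == "ok" and t >= fails[start][0] for t, _, o in rows)
            alerts.append((ip, kind, success))
            break                               # one alert per source
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```
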

8. Artificial intelligence is changing the cyber crime landscape

The aforementioned report highlighted the challenges small businesses will face with the growing prevalence of AI.

Cyber criminals are using AI to automate and enhance attacks, from generating convincing phishing emails to identifying vulnerabilities faster. These AI-driven tactics allow them to scale operations and target businesses with unprecedented precision. For SMEs, this shift can be particularly challenging as resources for countering such advanced threats may be limited.

What can you do?


9. Quishing will continue to grow as a sophisticated threat

 

Quishing—phishing through QR codes—is an emerging and growing threat that businesses need to be aware of. As QR codes become increasingly popular for their convenience in payments, advertising, and customer interactions, cyber criminals are exploiting them to trick individuals into revealing sensitive information or installing malware.

For small and medium businesses (SMEs), the rise of quishing represents a new dimension of phishing attacks that can target both employees and customers, potentially leading to data breaches or financial losses.

What can you do?

  • Understand the Threat: Quishing works by embedding malicious links in QR codes, which can lead users to fake websites or trigger harmful downloads. As QR codes gain adoption, the risks grow.
  • Educate Employees and Customers: Train staff to scrutinise QR codes before scanning, especially in unsolicited emails or printed materials. Share similar advice with customers to build trust and reduce risk.
  • Secure Your QR Code Use: If your business uses QR codes, ensure they direct users to legitimate, secure websites. Regularly monitor and verify any public-facing codes.
  • Use Technology to Detect Risks: Employ tools that can scan and verify the safety of QR code links, reducing the chance of exposure to malicious content.

10. Professionals are being targeted by cyber criminals.

 

The increased targeting of professionals is a reminder that cyber threats are growing more focused and strategic. This targeting reflects the valuable data and access these professionals often hold, as well as the operational importance of their roles.

For SMEs operating in these sectors, this trend underlines the need to prioritise cyber security. Professionals often serve as key access points into broader systems, making them attractive targets for attackers employing phishing, ransomware, and social engineering tactics.

What can you do?

  1. Strengthen Cyber Hygiene: Invest in training for employees and enforce practices such as strong passwords, multi-factor authentication, and regular updates to minimise vulnerabilities.
  2. Sector-Specific Risks: Understand the unique threats your industry faces. For example, healthcare is often targeted for patient data, while financial services are targeted for transaction manipulation.
  3. Monitor Access Points: Ensure monitoring of access to critical systems, particularly those commonly used by professionals in your business.

For those interested in reading the full report, head over to: https://www.cyber.gov.au/about-us/view-all-content/reports-and-statistics/annual-cyber-threat-report-2023-2024


Next steps for business owners

To see if your business is prepared for cyber in 2025, or find out more about how we protect you, contact our team via the form below.
