Business Cyber Security delivered via Cloud
Free Call:
Email:
Company Address:
116 Gawler Place
Adelaide SA 5000
Postal Address:
PO Box 1235,
Glenelg South SA 5044
Copyright © 2024 | Magnetic Alliance Cyber Pty Ltd | Designed by Magnetic Alliance
Top 10 Insights from the
Annual Cyber Threat Report 2023–2024: A Business Perspective
For the cyber enthusiast among us, the Annual Cyber Threat Report by the Australian Signals Directorate (ASD) always provides fascinating insights.
The latest 78-page report is full of large numbers – but none of these are particularly surprising considering the increasing sophistication from hackers.
Below I have outlined what I believe are the top 10 “numbers” business owners should be aware of. Additionally, I have added what you can do to mitigate your risks against becoming a statistic.
Read in full below or Jump Ahead.
1. In FY2023–24, ASD received over 36,700 calls to its Australian Cyber Security Hotline, an increase of 12% from the previous financial year.
The rise in calls to the Australian Cyber Security Hotline underscores both a growing number of threats – but also a growing awareness of cyber threats across Australia. While this is a positive sign of vigilance, it also highlights the increasing challenges businesses face in securing their digital environments.
For Australian SMEs, this is a reminder that cyber criminals increasingly target smaller organisations due to limited defences.
What can you do?
2. Average cost of cyber crime to small business up 8% to $49,600
The average cost of cyber crime for small businesses has risen to $49,600, an 8% increase, highlighting the growing financial burden on SMEs. Interestingly, while costs have decreased for medium and large businesses, smaller organisations are bearing a greater share of the impact.
This could be attributed to limited resources for prevention and recovery, making small businesses attractive targets.
What can you do?
3. Average self-reported cost of cyber crime per report for individuals, up 17% ($30,700)
The 17% rise in the average cost of cyber crime for individuals, now at $30,700, reflects the increasing sophistication of cyber criminal tactics. Scammers are evolving their methods to exploit vulnerabilities, often targeting individuals with highly convincing phishing scams, identity theft, and social engineering. This trend has direct implications for small and medium business owners.
Key Considerations for SMEs:
4. Business Email Compromise (BEC) now accounts for 20% of all reported cyber crime from businesses
Business Email Compromise (BEC) now accounts for 20% of all reported cyber crime from businesses (no financial loss). BEC fraud (financial loss) accounts for an additional 13% of reported crimes.
This highlights the significant risk email compromise poses, particularly for SMEs, which often rely heavily on email for critical communications and transactions. The report further highlighted that overall, when there was a financial loss involved with BEC, the average cost was $55,000 per confirmed incident.
Cyber criminals are increasingly exploiting trust within email correspondence, leading to costly mistakes that can severely impact a business’s operations and reputation.
What can you do?
5. Small Business Owners are twice as likely as employees to be the victim of ransomware
The ASD included research from the Australian Institute of Criminology (AIC), which stated that small to medium business owners are more than four times as likely to fall victim to ransomware attacks compared to individuals who are neither business owners nor employees. Owners also face nearly double the risk of ransomware attacks compared to their employees.
This heightened risk reflects the growing focus cyber criminals place on decision-makers within SMEs, who often hold the keys to critical business data and financial resources. Attackers know that business owners are more likely to pay ransoms quickly to minimise operational disruptions, making them attractive targets.
What can you do as a business owner?
6. 11% of all incidents responded to included ransomware, a 3% increase from last year
The rise in ransomware incidents is a harsh reminder that no business is immune. Ransomware remains one of the most persistent and damaging threats, with attackers continuing to evolve their tactics to target businesses of all sizes.
For SMEs the growing prevalence of ransomware is particularly concerning. Limited resources and less robust defences often leave SMEs more vulnerable, while the impact of downtime or data loss can be devastating.
What can you do?
7. In FY2023–24, 8% of all cyber security incidents responded to by ASD included brute force-related activity.
Password breaches are still a major cause of cyber attacks. This highlights the ongoing threat posed by attacks like credential stuffing and password spraying, which exploit weak or poorly managed password practices to gain unauthorised access.
Poor practices, such as sharing passwords or reusing weak ones across platforms, significantly increase vulnerability to brute force attacks.
What can you do?
8. Artificial intelligence is changing the cyber crime landscape
The forementioned report highlighted the challenges small businesses will face with the growing prevalence of AI.
Cyber criminals are using AI to automate and enhance attacks, from generating convincing phishing emails to identifying vulnerabilities faster. These AI-driven tactics allow them to scale operations and target businesses with unprecedented precision. For SMEs, this shift can be particularly challenging as resources for countering such advanced threats may be limited.
What can you do?
9. Quishing will continue to grow as a sophisticated threat
Quishing—phishing through QR codes—is an emerging and growing threat that businesses need to be aware of. As QR codes become increasingly popular for their convenience in payments, advertising, and customer interactions, cyber criminals are exploiting them to trick individuals into revealing sensitive information or installing malware.
For small and medium businesses (SMEs), the rise of quishing represents a new dimension of phishing attacks that can target both employees and customers, potentially leading to data breaches or financial losses.
What can you do?
10. Professionals are being targeted by cyber criminals.
The increased targeting of professionals is a reminder that cyber threats are growing more focused and strategic. This targeting reflects the valuable data and access these professionals often hold, as well as the operational importance of their roles.
For SMEs operating in these sectors, this trend underlines the need to prioritise cyber security. Professionals often serve as key access points into broader systems, making them attractive targets for attackers employing phishing, ransomware, and social engineering tactics.
What can you do?
For those interested in reading the full report, head over to: https://www.cyber.gov.au/about-us/view-all-content/reports-and-statistics/annual-cyber-threat-report-2023-2024
Next steps for business owners
To see if your business is prepared for cyber in 2025, or find out more about how we protect you, contact our team via the form below.
// Need more help?
Contact our team today.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Recent Posts
Categories