Cyber threats are evolving faster than ever. Cybersecurity is no longer a back-office concern; it’s a boardroom priority. The Australian Cyber Security Centre’s Annual Cyber Threat Report 2024–25 reveals an alarming increase in cybercrimes, showing the urgent need for businesses to strengthen their defences.
With the latest Annual Cyber Threat Report 2024–25 by the Australian Cyber Security Centre, the message is clear: cyber threats are evolving in scale, cost, and sophistication. This report provides a look at the challenges facing individuals, businesses, and critical infrastructure across the nation.
The Year in Review: The Cyber Threat Picture in Numbers
Here are some key statistics from the Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report 2024-25:
- 84,000+ cybercrime reports were lodged in 2024–25, roughly one every six minutes.
- The Cyber Security Hotline fielded 42,500+ calls, up 16% year on year.
- The ACSC responded to over 1,200 significant incidents, an 11% increase from 2023–24.
- More than 190 malicious activity alerts were reported, up more than 100% from the previous year.
Cyber threats are now more frequent, more costly, and more targeted than ever before.
Some more alarming stats:
- 111% increase in attacks on critical infrastructure.
- Healthcare ransomware incidents doubled, with 95% resulting in compromise.
- The finance sector accounted for 32% of critical infrastructure incidents.
- Transport & logistics accounted for 26% of critical infrastructure incidents.
- More than 25% increase in publicly reported common vulnerabilities.
- 11% of all incidents included ransomware.
- An increase of 8% in identity fraud.
What the Report Signals for Businesses
The report isn’t just numbers and trends; it’s a wake-up call. Here’s what it means for you:
- Escalating Threat Landscape: Cybercriminals are leveraging AI and automation to launch attacks at scale. No industry is immune.
- Human Factor Still Dominates: Social engineering remains the easiest way in. One click can compromise an entire network.
- Compliance Pressure Increases: Regulatory bodies demand stronger security postures. Non-compliance can lead to huge fines and reputational damage.
The takeaway? Reactive security is no longer enough. Businesses need proactive, layered defence strategies.
Why This Matters for Your Business
- Operational Disruption: Attacks can halt services and affect operations.
- Reputational Damage: Breaches break customer trust.
- Regulatory Pressure: Compliance failures can lead to penalties and legal exposure.
The Business Impact: Cybercrime as a Cost Centre
Cybercrime has become a major financial drain on Australian businesses:
| Business Type | Avg. Cost per Incident | Change YoY |
| --- | --- | --- |
| Small Business | $56,600 | +14% |
| Medium Business | $97,200 | +55% |
| Large Business | $202,700 | +219% |
Top cybercrime types impacting organisations:
- Email compromise (no loss) – 19%
- Business email compromise (with loss) – 15%
- Identity fraud – 11%
Ransomware remains the most damaging threat, with double-extortion tactics and data-theft-first approaches now the norm.
The Individual Impact: Everyday Australians at Risk
Cybercrime isn’t just a business problem; it’s deeply personal as well.
For individuals:
- Average cost per report: $33,000, up 8% from the previous year.
- Most common threats:
  - Identity fraud – 30%
  - Online shopping scams – 13%
  - Online banking fraud – 10%
AI-driven scams are on the rise too. Deepfake voices and synthetic phishing emails are making deception harder to detect.
ACSC’s Key Recommendations
The report calls for a national uplift in baseline cyber hygiene, encouraging all organisations to:
- Implement the Essential Eight mitigation strategies.
- Enforce multi-factor authentication across systems.
- Keep software and hardware patched promptly.
- Invest in threat intelligence sharing and incident preparedness.
- Build a cyber awareness culture across staff at every level.
How Exigo Tech Helps You Stay Ahead
The ACSC report makes one thing clear: businesses must act now. At Exigo Tech, we deliver solutions that align with these realities.
#1 Exigo Protect
A unified security portfolio for end-to-end protection across identity, endpoint, network, and cloud.
Key Features:
- Identity & Access Management with MFA and Conditional Access.
- Endpoint Security powered by Sophos and Microsoft Defender XDR.
- Network Security with 24/7 Managed SOC and MDR.
- Compliance Alignment with Essential Eight, ISO 27001, and NIST.
- Penetration Testing & vCISO Advisory for strategic planning.
Why It Matters: Exigo Protect simplifies complex security environments and provides layered defence for hybrid workplaces.
#2 Managed Security as a Service (MSaaS)
A subscription-based model for enterprise-grade security without upfront cost.
Key Features:
- Microsoft 365 Business Premium for productivity + security.
- Microsoft Defender for Endpoint for advanced threat detection.
- 24/7 SOC powered by eSentire for continuous monitoring and rapid response.
- Threat Hunting & MITRE ATT&CK Mapping for proactive defence.
Why It Matters: MSaaS bridges the cybersecurity talent gap, reduces complexity, and ensures compliance while you focus on growth.
#3 Essential Eight
The Essential Eight is the Australian Cyber Security Centre’s recommended baseline set of strategies to mitigate cyber threats. Exigo Tech helps businesses implement and maintain these controls effectively.
Strategies include:
- Application Control
- Patch Applications
- Configure Microsoft Office Macros
- User Application Hardening
- Restrict Administrative Privileges
- Patch Operating Systems
- Multi-Factor Authentication (MFA)
- Regular Backups
Why It Matters: Aligning with Essential Eight significantly reduces the risk of cyber incidents and ensures compliance with Australian security standards.
Brendan Fazel | Nov 03, 2025







