Cybercrime remains a growth industry with Australian individuals and organisations reporting nearly 23% more attacks than in 2022, according to data from the Australian Signals Directorate (ASD). The cost of these incidents is also increasing, not just in financial terms but in knock-on effects as well.

The ASD's Annual Cyber Threat Report 2022-231 is based on data and insights from 94,000 reports made to the Australian government's ReportCyber facility during the year. The majority of reports were from small businesses but larger businesses and government organisations were also affected.

The most notable trends in cyber security threats were:

    1) Actions by state actors — in the context of cybersecurity, a state actor typically refers to a government or its intelligence agencies engaging in cyber activities, such as hacking, espionage or cyber warfare. These state actors often have significant resources, expertise, and motivations to carry out cyber operations for political, economic, or military purposes. Australian cyber issues have been at threat of 'state actors' in the following areas:

    • targeting critical infrastructure
    • conducting espionage
    • practising extortion.

    2) Australian individuals and organisations of all sizes

    • sustaining data breach losses and the sale of data on the dark web
    • being victimised for failing to patch a critical vulnerability.

    The top 10 cyber breach reporting sectors

    Bar graph ranking the top 10 cyber breach reporting sectors.

    Australian Signals Directorate

    Insight into politically motivated Australian cyber attacks by 'state actors'

    Attacks by state actors with political agendas were focused on critical infrastructure, with the goals of achieving disruption or gathering classified information such as intellectual property concerning the AUKUS agreement and associated military capabilities.

    During 2022—23 ASD responded to 143 incidents reported by critical infrastructure organisations, an increase from the 95 incidents reported in the previous year. The data shows critical infrastructure is being targeted by increasingly interconnected systems.

    The main cyber security incidents affecting Australian critical infrastructure were:

    • compromised account or credentials
    • compromised asset, network or infrastructure
    • denial of service (DoS).

    The increasing cost of Australian cyber breaches for businesses

    Cyber criminals are evolving and refining their tactics and techniques to mask their actions and extract the maximum profit from their targets via a range of illegal activities, such as data theft or manipulation, extortion and disruption or destruction of computer-dependent services. The cost for business targets is increasing year on year.

    The average cost of a cyber breach rose from:

    • $39,555 to $45,965 for small businesses
    • $88,407 to $97,203 for medium businesses
    • $62,233 to $71,598 for large businesses.

    Ransomware remains the most destructive cybercrime threat to Australians, but business email compromise (BEC), data theft and denial of service (DoS) are costly also.

    Cyber criminals continue to refine methods to extract maximum payment from victims, and the ASD responded to 127 extortion related incidents, 118 of which involved ransomware restricting access to systems, files or accounts, i.e. denial of service.

    The dominant types of cyber attacks to be aware of

    The avenues where people, businesses and organisations are most typically exposed and exploited to cyber attacks are:

    Top three cybercrime types for businesses

    • email compromise
    • fraud via business email
    • online banking fraud

    Top three cybercrime types for individuals

    • identity fraud
    • online banking fraud
    • online shopping fraud

    Cyber security reminder: timely patching is critical to maintaining cyber protection

    Time delays in updating software patching has been identified as a weakness and area where cyber attacks are taking place. Along with business email compromise, failure to patch software application updates is an area that creates vulnerability and has become a strong preferred attack vector (or avenue) for cyber criminals to exploit, who leverage known vulnerabilities to infiltrate data systems — evidence shows that one in five critical vulnerabilities have occurred within 48 hours of a new patch being published.

    The ASD stresses the critical importance of patching vulnerabilities as soon as they are known to exist and the patch being made available, within 48 hours ideally and definitely within two weeks.

    Increase in high level of cyber security incidents in Australia

    The ASD categorises reported cyber breaches according to the severity of effect, extent of compromise and significance of the organisation, on a scale from C1, the most severe, to C6, the least severe.

    While only one category 1 attack was reported, the number of C2 incidents rose from two to five in FY 2022-23 and involved significant data breaches with cyber criminals exfiltrating data from critical infrastructure organisations.

    Of the C3 incidents more than 30% were organisations classified as critical infrastructure, with transport (21%), energy (17%) and higher education and research (17%) the most affected sectors.

    Harm from cyber breaches extends beyond the incident and immediate costs

    The impact of cyber breach incidents and the disruption of computer-dependent services in 2023 affected millions of Australians, the report concludes. The harm they cause, especially for small to medium sized businesses (SMEs), extends beyond financial costs and may include impacts to personal health and legal issues.

    The use of complex computer information technology (IT) supply chains and advances in areas like artificial intelligence (AI) are amping up the complexity of maintaining cyber security. Responding to this exponential threat to individuals, businesses and the community at large requires not only technical controls such as the ASD's Essential Eight2 but ensuring a cyber secure culture is 'business as usual'.

    How Gallagher can help

    In addition to cyber insurance protection, Gallagher offers expertise, advice and resources for building business resilience to withstand cyber security incidents.

    connect with us


Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient's industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers' control.

Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312