What Are The Leading Australia Cybercrime Statistics?

Australian essential services are weathering an alarming surge in cyber intrusions, with the Australian Signals Directorate (ASD) reporting that sectors such as energy, water, healthcare, and transport experienced a 50% jump in security incidents between 2021-2022 and 2022-2023.

Although the number of attacks slightly decreased in 2023-2024, leaders remain cautious about both their frequency and severity.

The Australian Microsoft Digital Defense Report: Key Insights

The 2025 Microsoft Digital Defense Report offers insight into how threat actors (from cyber criminals to nation-state adversaries) are evolving faster than ever before.

The data reveals Australia ranked 10th globally among countries where Microsoft customers were most frequently impacted by cyber activity. Within the Asia-Pacific region, Australia ranked fourth among customers most frequently affected, accounting for nearly 10 percent of all impacted customers. The findings underline that Australia remains a significant target for cyber threat actors across both criminal and nation-state categories.

More than half of all cyberattacks with known motives (approximately 52%) were driven by financial gain, particularly through ransomware and extortion campaigns. Attacks focused purely on espionage accounted for only around 4%. This showcases how most cyber activity is now profit-motivated, putting both public and private organisations at risk regardless of their strategic value.

Critical public services remain among the most frequently targeted, largely due to the essential services they provide, the sensitive data they hold, and the challenges of maintaining up-to-date security across complex systems and constrained budgets. For Australia, this includes state and territory health systems, utilities, transport, and local government.

What Are Australia's Leading Cyber Threats?

Nation-state cyber operations are also expanding, driven increasingly by geopolitical objectives. The report notes that governments are increasingly leveraging criminal networks to carry out espionage or disruptive activities, a trend that further blurs the line between cybercrime and state-sponsored operations. This has particular implications for Australian companies involved in defence, energy, and technology supply chains.

Artificial intelligence is transforming the cybersecurity landscape, being used by both attackers and defenders. Threat actors are using AI to scale their operations (namely automating phishing campaigns and refining social engineering) while defenders are using it to detect and block attacks faster, close detection gaps, and protect vulnerable users. The report emphasises that AI has become a necessary tool for security teams to keep pace with increasingly sophisticated threats.

Perhaps most critically, the report highlights that adversaries aren’t breaking in: they’re signing in. Over 97% of identity attacks are password-based, yet 99% of these can be blocked by implementing phishing-resistant multi-factor authentication. This statistic underscores how fundamental cyber hygiene and strong identity protection remain the most effective defences against compromise.

What Australian Sectors Are Most Impacted By Cybercrime?

The ASD data indicates that 57% of cyber incidents affecting critical infrastructure in 2022-2023 involved compromised credentials, denial-of-service attacks or unauthorised network access.

These intrusions can disrupt vital services, erode public confidence and trigger domino effects throughout interconnected systems. More than 11% of all cyber incidents during the past year impacted sectors including electricity, gas, water, education and transport, resulting in tangible consequences such as hospital disruptions, threats to water quality, and widespread power cuts.

Conclusion

The continuing rise in cyberattacks targeting Australia's critical infrastructure represents a significant national security concern.

As system connectivity expands, organisations are urged to adopt layered security approaches, enforce rigorous access controls and foster a security-conscious culture throughout their operations.