Australia’s national intelligence agency has sounded the alarm on an unprecedented surge in cyber threats, revealing that it now receives a cybercrime report every six minutes. Nearly half of all reported breaches stem not from direct hacking, but from the use of stolen usernames and passwords.
The Australian Signals Directorate’s 2024–25 Cyber Threat Report shows a record 84,700 cybercrime reports in the past financial year, while more than 190 critical infrastructure operators — including telecommunications, water, energy, and transport networks — were notified of potential cyberattacks, marking a 111 per cent increase year-on-year.
According to the ASD, about 42 per cent of breaches impacting major corporations, universities, government agencies, and supply chains involved the use of compromised credentials to gain unauthorised access.
The financial toll is staggering:
- Large businesses reported average losses of $202,700, a 219% rise.
- Medium enterprises saw a 55% increase, with average costs reaching $97,200 per incident.
The ASD warned that threats from foreign espionage and organised crime remain acute. In 2024, China-linked cyber groups were found to have hijacked thousands of internet-connected devices — including home routers — turning them into vast “bot networks” used to mask attacks on businesses and government systems.
ASD Director Abigail Bradshaw described state-sponsored cyber actors as “a serious and growing threat” and urged organisations to begin preparing for “post-quantum cryptography”, as supercomputers are expected to break current encryption standards by 2030.
Acting Prime Minister Richard Marles said the findings highlight the “urgent need” for collaboration between government and industry to strengthen the nation’s cyber defences.
“The report makes clear that malicious actors have been working unseen to steal data, demand ransoms, and disrupt critical systems,” Marles said.
Home Affairs and Cyber Security Minister Tony Burke advised Australians to install software updates promptly, enable multi-factor authentication, and use unique passwords for every account.
“If you get an unexpected call, hang up and call back using an official number,” Burke said. “Most cyber incidents are preventable — basic defensive habits make a huge difference.”
