Australia’s Cyber Threats 2024–25: What Every Business Needs to Know
The Australian Signals Directorate (ASD) has released its latest Annual Cyber Threat Report, and the results are hard to ignore. Cyber incidents, scams, and ransomware attacks are all on the rise.
The data shows that small and medium businesses are now prime targets, with attackers taking advantage of weak passwords, unpatched systems, and outdated technology. It’s a wake-up call for every business that relies on connected systems, which today means almost everyone.
The Big Picture
In the past year alone:
Over 42,000 calls were made to the Cyber Security Hotline (up 16%)
Cybercrime reports are filed every six minutes
The average cost per business incident hit $80,850, up 50% from the year before
Those numbers represent more than statistics, they reflect growing disruption to operations, reputations, and customer trust.
Who’s Being Targeted
The report found that financial services, transport, telecoms, education, and healthcare were the top sectors under attack.
Healthcare in particular saw ransomware activity double over the year, with most attacks succeeding.
No industry is off-limits and small organisations are often hit hardest because they lack the defences larger enterprises have in place.
How the Attacks Happen
The techniques haven’t changed much, but the execution has evolved.
Phishing, credential theft, and ransomware remain dominant, while attackers increasingly exploit edge devices, IoT systems, and AI-generated content to gain a foothold.
One in three incidents began with a stolen password, a reminder that even small gaps can have big consequences.
Building Cyber Resilience
ASD’s advice is simple and practical:
Improve event logging – You can’t defend what you can’t see.
Retire legacy systems – Old tech is an open door.
Secure your supply chain – Know your vendors and third parties.
Start preparing for post-quantum security – Tomorrow’s encryption challenges start today.
These “four big moves” form the backbone of modern cyber defence and they’re achievable for any business with the right guidance.
Where to Start
You don’t need to do everything at once. Begin with the essentials:
Turn on Multi-Factor Authentication
Patch and update your systems
Use strong, unique passwords or a password manager
Back up important data
Be cautious with emails and links
These simple habits stop the majority of common attacks.
Want the Key Stats at a Glance?
We’ve created a 3-page visual summary of the ASD 2024–25 report covering the key trends, top targeted sectors, attack methods, and real-world costs to Australian businesses.
It’s quick to read, easy to share, and free to download:
Red Cerberus - ASD Summary - 2024-25
Want to read the full report as released by the Australian Cyber Security Centre. Check it out here: