The Australian Signals Directorate's (ASD) Annual Cyber Threat Report for 2023-24 highlights Australia's rapidly evolving cyber threat landscape.
This threat landscape aligns with the challenging strategic environment outlined in the 2024 National Defence Strategy and the 2023 Cyber Security Strategy, with strategic competition being accompanied by technological developments including in cyber capabilities.
This year's report details how malicious state and non-state cyber actors continue to target Australian governments, critical infrastructure, businesses and individuals , including for the purposes of espionage, disruptive effects and financial gain.
While the number of cyber incidents being reported remains steady, the report shows the impact and costs of cybercrime to Australian small businesses and individuals are increasing.
Key findings from the report include:
- ASD received over 36,700 calls to its Australian Cyber Security Hotline, an increase of 12 per cent from 2022-23.
- ASD received over 87,000 reports of cybercrime over the financial year, an average of a report every six minutes.
- 11 per cent of the 1,100 cyber security incidents ASD responded to related to critical infrastructure.
- The average cost of cybercrime for small businesses rose by 8 per cent from last year to $49,600 per report, and by 17 per cent for individuals to $30,700 per report.
This year's report reinforces the importance of having close public and private sector partnerships to effectively bolster Australia's cyber defences. It also highlights the need for all Australians to play their part in protecting our nation's cyber security.
The Albanese Government is committed to leading these efforts and has committed $15-$20 billion over the next decade in the 2024 Defence Integrated Investment Program to enhance our cyber domain capabilities. This includes prioritising funding for REDSPICE to enhance ASD's cyber and signals intelligence capabilities.
It has also committed $586.9 million to delivery of the 2030 Cyber Security Strategy, appointed our nation's first Cyber Security Coordinator, developed our first stand-alone Cyber Security Act and strengthened the Security of Critical Infrastructure (SOCI) Act, made attributions against foreign actors, created the Executive Cyber Council, and used the Protective Security Policy Framework to uplift commonwealth cyber security.
The Government has also taken concrete steps to deter cybercriminals and hold them to account, including by using for the first time Australia's autonomous cyber sanctions framework to impose cyber sanctions on Russian criminals.
