Australia’s latest Cyber Threat Report shows another rise in cyber incidents, financial losses, and targeting across both public and private sectors.

The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has released its 2024–25 findings, showing that resilience must continue to strengthen across every industry.

The release of the report comes as Microsoft ends support for Windows 10, highlighting one of the report’s central messages. Outdated systems now represent one of the most immediate cyber risks for Australian organisations. 

The Numbers

  • More than 42,500 calls were made to the national Cyber Security Hotline, a 16% increase.

  • The ACSC responded to over 1,200 incidents, up 11%.

  • Businesses reported an average loss of $80,850 per cybercrime, with large organisations averaging $202,691 per incident.

  • Ransomware remained the most disruptive threat.

  • Denial of Service and Distributed Denial of Service attacks rose by more than 280%.

  • Critical infrastructure incidents increased to 13% of all reported cases.

The Threat Picture

Australia’s strong digital economy continues to attract both financially motivated criminals and state-aligned threat activity. The report shows that malicious actors are targeting the systems and data that support essential services, supply chains, and sensitive information. Criminals are taking advantage of stolen credentials, exposed devices, and known vulnerabilities to gain access and maintain persistence within networks.

The ACSC continues to highlight the risk posed by legacy systems. As seen this week with Windows 10 reaching end of support, unpatched technology provides a direct pathway for compromise. Once updates stop, vulnerabilities quickly become public knowledge and are heavily targeted.

Sectors Under Pressure

Healthcare:
Ransomware incidents have doubled since last year. 95% of reported healthcare cases resulted in successful compromise. Data theft and service disruption continue to threaten patient safety.

Finance:
Financial and insurance services accounted for 32% of all critical infrastructure incidents, the highest of any sector. DDoS activity and scanning were key trends.

Transport and Logistics:
Represented 26% of critical infrastructure incidents. Interconnected supply chains and complex systems continue to increase exposure.

Telecommunications and Technology:
Made up 16% of incidents. Communications networks and connected devices such as routers and IoT systems remain frequent targets.

Education and professional services also experienced consistent levels of activity, though at lower rates.

How Attacks Are Happening

Across both government and industry, the most common attack techniques were:

  • Phishing

  • Compromised accounts and credentials

  • Identity information gathering

  • Exploitation of vulnerable edge devices

Edge device attacks had a 96% success rate, showing how much exposure sits at the network perimeter.

Recommended Actions

For all organisations

  • Use phishing-resistant multi-factor authentication.

  • Apply strong, unique passwords or passphrases.

  • Keep systems and software updated.

  • Back up critical data regularly.

  • Stay alert for phishing and scams.

For businesses managing larger networks

  • Implement effective event logging and visibility.

  • Replace or isolate legacy IT.

  • Manage third-party risk through secure procurement.

  • Begin preparing for post-quantum cryptography.

  • Test incident response plans and review them regularly.

  • Adopt frameworks such as the Essential Eight and the Information Security Manual.

  • Apply zero trust and secure-by-design principles when building or updating systems.

The end of support for Windows 10 is a clear example of why replacing or isolating legacy systems is critical. Unsupported operating systems will no longer receive security updates, leaving organisations exposed to known vulnerabilities. Where upgrades cannot occur immediately, isolation and enhanced monitoring should be applied. 

The Outlook

The data reinforces that cyber resilience is a shared responsibility. Basic hygiene remains the most effective line of defence, and visibility is key to reducing impact. The phase-out of Windows 10 underscores how quickly technology can move from secure to vulnerable, and why ongoing system renewal must remain a priority. For ongoing guidance on improving resilience, uplift, and operational readiness, contact the ctrl:cyber team today.