A cybercrime was reported to ASD every 6 minutes in FY23

Australians reported a cybercrime to the Australian Signals Directorate’s ReportCyber incident reporting service once every six minutes during FY23, according to the agency’s 2023 Cyber Threat Report.

The report found that nearly 94,000 reports were submitted to the reporting service over the course of the financial year, an increase of 23% compared to FY22.

The cost of cybercrime to businesses meanwhile increased by 14% during the year, with average losses recorded by small businesses totalling $46,000. Cybercrimes cost medium businesses an average of $97,200 and large businesses an average of $71,600.

During the financial year, ASD responded to over 1100 cybersecurity incidents from Australian entities. These included 143 cybersecurity incidents related to critical infrastructure.

According to the report, cybersecurity incidents impacting Australian critical infrastructure increased by almost one-third during FY23, with 57% of such incidents involving compromised accounts or credentials; compromised assets, networks or infrastructure; and denial-of-service attacks.

The ASD also responded to 127 extortion-related incidents, with 118 of these involving ransomware or other forms of restriction to systems, files or accounts.

Another key trend identified in the report was that one in five critical vulnerabilities uncovered during the financial year were exploited within 48 hours, demonstrating that the window to patch vulnerabilities after they have been discovered is getting narrower. Publicly reported common vulnerabilities and exposures increased 20% in FY23.

The top three cybercrime types targeting individuals in FY23 were identity fraud, online banking fraud and online shopping fraud. For businesses, the top three types were email compromise, business email compromise (BEC) fraud and online banking fraud.

Image: iStock.com/Tero Vesalainen