The Australian Cyber Security Centre (ACSC) has released its Annual Cyber Threat Report 2024–25, and the message is clear: cyber threats are growing in both volume and sophistication.
For Australian businesses – especially small and medium organisations – the findings are a wake-up call. Cybercrime is no longer a distant problem or something that “only happens to big companies.” It’s happening here, every day, and it’s costing businesses real money, time, and reputation.
What the report tells us
The report shows cyber-threats are rising, and they’re increasingly sophisticated. Here are a few of the key take-aways:
- ACSC received over 42,500 calls to its cyber hotline in FY2024-25 – a 16% increase on the previous year.
- They responded to over 1,200 cyber-security incidents (an 11% increase).
- The average self-reported financial cost of cyber-crime to businesses is rising: for small businesses it’s now around A$56,600, for medium businesses about A$97,200, and for large businesses around A$202,700.
- State-sponsored cyber actors remain highly active: these aren’t just random criminals, but groups backed by nation-state resources, targeting Australian networks for espionage or disruption.
- Cyber-criminals are increasingly using stolen credentials, info-stealer malware, “living off the land” tactics (using legitimate tools in malicious ways), and generative AI to scale their attacks.
- The report says a few core measures – e.g., strong MFA, unique passphrases, regular backups, and up-to-date software – can stop the majority of incidents.
In short: No matter how small your business, you’re a target – and the risk is real.
What this means for your business
You might be thinking: “That’s for large organisations, not me.” But actually, the report shows SMEs (small- and medium-enterprises) are especially vulnerable. The average loss is climbing, and many attacks succeed because basic protections were missing.
Here are a few practical takeaways:
- Assume compromise: Don’t think “We’ll never be attacked.” Instead, think “If we were attacked, how would we detect it, respond, contain it, recover?” This mindset will allow for faster recovery and better outcomes.
- Your employees count: Keep in mind that your employees are a part of your digital environment. Many attacks start with stolen credentials or phishing. If an employee logs in with weak credentials, or re-uses passwords, you’re exposed.
- Legacy systems and third-party risk: Older IT systems, weak vendor security and unmanaged supply-chain connections are highlighted as serious risk points. Get a health assessment for third-party risk.
- Backups & response matter as much as prevention: Even if you do everything right, an incident may still occur. Having reliable backups and a tested incident-response plan can minimise disruption and cost.
- Technology change is accelerating: As technology keeps changing, threats change with it, and so does the way we need to protect our environments.
How to protect your business – 4 key steps
Inspired to make some changes? Here are four practical ways to reduce your cyber risk today:
- Strengthen access controls
  - Use multi-factor authentication (MFA) on all accounts.
  - Replace simple passwords with long, unique passphrases.
  - Regularly review user permissions and remove old accounts.
  - Consider a password management system.
- Keep systems up to date
  - Apply software and security updates as soon as they’re released.
  - Retire unsupported or outdated systems.
- Back up and prepare for recovery
  - Back up important data regularly.
  - Test your backups and disaster recovery plans – don’t just assume they’ll work.
  - Know who to call and what steps to take if an incident occurs.
- Educate and empower your team
  - Train staff to recognise phishing, scams, and suspicious activity.
  - Encourage a culture where employees report potential issues quickly, without fear of blame.
  - Conduct short refresher sessions or simulated phishing tests to keep awareness high.
How Excellence IT helps protect your business
At Excellence IT, we know most business owners don’t have the time or expertise to stay ahead of every new cyber threat – and you shouldn’t have to. That’s our job.
We work with small and medium businesses to build practical, affordable cybersecurity frameworks that protect your data, your people, and your reputation.
Ready to protect your business?
If you’re unsure how your current systems stack up, now is the perfect time to take action. Excellence IT can perform a Cyber Security Health Check to identify gaps and strengthen your defences before an incident happens.
Get in touch with our friendly team today to learn how we can help you build your own digital safety net so you can focus on running your business, not worrying about cyber threats.
To view the full report, visit Annual Cyber Threat Report 2024-2025 | Cyber.gov.au


