See if your information has been exposed in a data breach with our latest free tool Check Now

Critical Cyber Crime Statistics in Australia 2023

Niek has worked at Eftsure for several years and has developed a clear understanding of the cyber threat landscape and the controls Australian businesses put in place to combat these threats.

As the threat of cybercrime continues to escalate in Australia, greater awareness and preventative measures are crucial. According to the latest Annual Cyber Threat Report 2021-2022, the Australian Cyber Security Centre recorded a staggering 76,000 cybercrime reports, representing a 13% increase from the previous financial year.

With an alarming rate of one cybercrime report made every seven minutes, it’s clear that the problem is only getting worse. 

As a CFO, you understand the potential for cyber attacks to hurt your business, whether it’s financial losses or reputational damage. To mitigate those risks, it’s vital to implement robust security measures and educate your employees on best practices by promoting a strong anti-cyber-crime culture. 

In our cyber-crime statistics, we delve into the current state of cyber-crime in Australia, along with cyber-criminals’ most common tactics. By staying informed on the latest trends and statistics, you can equip your business with the necessary tools to protect against potential cyber threats.

Author’s Top Picks

  • In the Annual Cyber Threat Report 2022, the ACSC received over 76,000 cyber crime reports, an increase of nearly 13% from the previous financial year.
  • Queensland (29%) and Victoria (27%) report disproportionately higher rates of cybercrime relative to their populations in 2021-2022.
  • Cybercrime is on the rise, and cyberattack attempts reached an all-time high in the fourth quarter of 2021
  • There is a rise in the average cost per cyber crime report to over $39,000 for small businesses, $88,000 for medium businesses, and over $62,000 for large businesses. An average increase of 14%.
  • Ransomware attacks have increased by nearly 500% since the start of the COVID-19 pandemic.

hacker 1 Cybercrime Statistics

1. In the Annual Cyber Threat Report 2022, the ACSC received over 76,000 cyber crime reports, an increase of nearly 13% from the previous financial year.

Over the 2021-2022 financial year, Australia saw an increase in the number of sophisticated cyber threats like extortion, corporate espionage, and fraud. The number of reports increased from receiving one report every 7 minutes compared to last financial year, every 8 minutes.

2. From 2020-to 21, cybercrime was on the rise, with nearly 13% more cases. (Australian Government Cyber Security Centre)

Over 67, 500 reports were filed from 2020 to 2021. This has increased by 13% percent compared to 2019. The cybercrime reporting equates to one cyber attack every 8 minutes compared to one every 10 minutes in 2019.

3. Queensland (29%) and Victoria (27%) report disproportionately higher rates of cybercrime relative to their populations in 2021-2022.


The highest average reported losses were by victims in the Northern Territory (over $40,000 per cyber crime report). Along with most targeted locations in Australia, the most frequently reported cyber crimes included online fraud (27%), online shopping (14%), and online banking (13%). Not to mention, the increased popularity of ransomware attacks.


4. More than a third of companies in America have had their intellectual property pilfered by Chinese competitors within the past decade

Protecting a business against cyberattacks can impact the relationship between the company and its customers. Therefore, as cybercrime becomes more sophisticated, businesses will have to stay one step ahead, even if that means increasing defence mechanisms with employees and processes.

5. Cybercrime is on the rise, and cyberattack attempts reached an all-time high in the fourth quarter of 2021

Cybercrime is becoming increasingly sophisticated, and Log4shell is a perfect example of this. This obscure but nearly ubiquitous piece of software can be found on millions of computers, and it is incredibly vulnerable to attack. The researchers who discovered this flaw have defined a cyberattack attempt as a single isolated cyber occurrence that could be at any point in the attack chain.


6. The COVID-19 pandemic has only made this problem worse, with cybercrime rates increasing by 600%.

During the COVID-19 pandemic, cybercrime has increased drastically by 600% affecting all types of businesses. During this critical period for businesses, cybercrime has been amplified by targeting exposed employees who are currently remote working.


7. There is a rise in the average cost per cyber crime report to over $39,000 for small businesses, $88,000 for medium businesses, and over $62,000 for large businesses. An average increase of 14%.

In the ACSC Annual Cyber Threat Report 2022, medium-sized businesses had the highest average loss per cyber crime. Small to medium businesses should follow the ACSC’s advice for ransomware, business email compromise, and other cyber threats. This will allow them to better understand and combat sophisticated cyber threats.

8. 300,000 cyber crimes are committed in Australia each year.

With an increase in cyber crime statistics reported in Australia, UNSW Canberra cyber security expert Mr Phair estimates that only about one-fifth of the actual amount of online crime. In 2022, the ACSC identified that one of the cyber security trends in the 2021-2022 financial year was Russia’s war against Ukraine. Russia had used malware designed to destory data and prevent computers from booting.

9. In the past 20 years, 300 investigations into cybercrime were completed and only 150 were prosecuted.

Mr Phair states the following “We spend so much of our time online, particularly via mobile smart devices, that the internet has become a fabric of our work and social lives,”. With so much cybercrime in the Australian economy, attackers are becoming more sophisticated making it challenging to prosecute.

10. 52% experienced fraud during the past 24 months; within that group, 18% of those companies reported that their most disruptive incident had a financial impact of more than US$50m.

The aftermath of a cybersecurity incident can have far-reaching and long-lasting impacts on a business. Other than financial losses, the cost of chaos includes reputational damages, legal liability issues, system repairs and more. It’s important for CFOs to understand the risks and have procedures in place to manage cybersecurity events.

This can include investing in cybersecurity infrastructure, having a comprehensive incident response plan and maintaining regular communications with stakeholders.

11. The cost of cybercrime is predicted to hit $8 trillion in 2023 and will grow to $10.5 trillion by 2025.

According to Cybersecurity Ventures, the global annual cost of cybercrime is predicted to reach $8 trillion USD in 2023. Compounding this is the rising cost of damages resulting from cybercrime, which is expected to reach $10.5 trillion by 2025.

Some of the reasons that explain the uplift of cybercrime are:

  • Advancements in technology: As technology continues to evolve, so do cybercriminals and their attack tactics
  • Lack of cybersecurity awareness: Despite the growing threat of cybercrime, many businesses lack the basic understanding of attacks and how to protect themselves
  • Financial gain: Cybercriminals can demand larger ransoms or make a profit from data breaches through the use of the dark web
  • Low risk of prosecution: Cybercriminals often operate from countries with weak legal systems, making it difficult for law enforcement to prosecute them

financial-report 1 Business Email Compromise Statistics

12. Self-reported losses in 2021-2022 increased significantly to over $98 million.

Nationally, the average loss per successful business email compromise (BEC) attack increased to over $64,000. Most BEC reports came from Queensland (389 reports), however, average self-reported financial losses were highest in Western Australia at approximately $112,000 per report.

13. Businesses lost $190 000 when their supplier's email was hacked.

The story is based on one real scam report received by the ACCC that was scammed by email through their supplier as the supplier’s email had been hacked. With updated details on the invoice, this led to the belief owners of the business were paying the correct supplier losing $190,000 in financial loss.


14. Western Australia had several reports of financial losses of over $1 million due to BEC attacks, lifting its overall average in 2022.

BEC attacks are a popular technique that organisations face regularly. Cybercriminals use BEC to impersonate senior executives in order to deceive employees into revealing confidential information like financial information, login credentials, etc. The compromise of a single employee email can be a prelude to a major ransomware attack.

15. Business email compromise scams caused the highest losses across all scam types in 2019 costing businesses $132 million.

Any type of scam can be costly, both financially and emotionally. But some scams are more harmful than others. Business email compromise (BEC) scams, for example, caused the highest losses across all scam types in 2019, according to the ACCC’s Targeting Scams report. BEC scams occur when a scammer intercepts a legitimate invoice and changes the payment details to include their fraudulent information.

16. Roughly 1,300 reports of business email compromises were made to Scamwatch, accounting for $14 million in losses.

In 2020, scam victims reported the biggest losses in the Business Email Compromise. However, employees are not always aware of the scam in action. As the scam increases, becoming more consistent in business loss the ACCC reports that “real losses will be even higher”.


17. 78% of organisations saw an email-based ransomware attack in 2021.

According to the State of the Phish report, 83% of survey respondents said their organisation experienced at least one successful email-based phishing attack in 2021, a 46% increase over 2020. Ransomware is a type of malicious software (malware) that can be used in these attacks.


18. In March 2022 Aussies lost in scams by more than 150% from February and nearly 400% from the $20 million reported.

According to the latest data from Scamwatch, Australians have been losing more than $100 million each month in financial scams. The number of reports remains low but at 16,446 schemes reported this March – down 10% on February’s total.

19. Accounts payable (AP) departments continue to be the department most susceptible to BEC with 58% of survey respondents indicating their AP departments were compromised through email scams.

AP departments continue to be the most susceptible to BEC attacks in 2022. It’s critical that your AP team are equipped with knowledge around emails scams, how to identify them and respond. In 2023, cybercriminals now have the advantage use of AI tools to craft a sophisticated email scam. Without updating your employee security training program, your business could be at risk.

20. Businesses lost $2.4 billion to BEC in 2021 - more than one-third of the total cybercrime losses for the year. Followed by ransomware $50M.

B2B payments fraud is on the rise in 2023 with more than 70% of firm experiencing fraud attacks compared to previous year. Since the pandemic cybercriminals have taken advantage of remote working employees by sending an email that appears to come from a known source like their manager or CFO.

This type of technique can be tricky to spot however, managers should look to improve their security awareness training through workshops and detection tools.

21. The average BEC wire fraud demand grew from $91,436 in Q1 2022 to $109,467 in Q2 2022, a record amount.

BEC attacks over they years have become harder to detect and increasing convincing, making it easier for attackers to deceive even the most diligent accounts payable teams. The psychology factor behind such attacks involve heavily on creating fear or a sense of urgency. It’s important that AP teams have clear procedures in place, such as verifying the authenticity of requests and avoid on clicking unknown links or attachments.

id-card 1 Business Identity Theft Statistics

22. 1 in 4 Australians has been a victim of identity crime at some point in their lives.

Identity crime is a major concern for governments around the world. The Australian Institute of Criminology released findings from an annual survey showing that identity theft and misuse remain high in Australia.


23. In 2021, Australians made 124,491 reports attempts of to steal personal information.

Identity theft is a serious issue that can lead to financial losses for victims. Identity theft is caused by criminals who steal personal information and use it to take over your finances or manipulate you into giving away sensitive data like passwords. In Australia, identity theft has resulted in major financial losses.

24. Victims of identity crime spend an average of 34 hours repairing the damage caused.

Financial loss from identity theft can be difficult for businesses to recover. The difficulty lies in determining how much they are owed, what expenses need to be paid and when those payments should happen relative to their income levels before the crime occurred.

According to the Australian Intelligence Commission, identity theft has cost businesses in Australia around $36 billion annually.

25. 19% of respondents reported they had experienced misuse of their personal information at some point.

The use of personal information has been on an increase for years, and in 2019 it was identified as one of the top methods that cyber criminals used to obtain this sensitive data. Recent surveys found between 1-23 different types being misused by victims recently including mobile phones or email addresses.

26. Australians aged 15 years and over (154,300) experienced identity theft in 2020-21.


According to cyber crime statistics, personal fraud was on the rise back in 2015 sitting at 8%. There are other common types of fraud, though. Card fraud was reported to be the most common type of fraud to be committed by criminals.

27. 11% of Australians experienced personal fraud in 2020-21.

2020-21 was a prevalent year for personal fraud in Australia. Personal fraud is any activity that occurs between two individuals where one person uses the other for their own gain. Statistics reference that most of the reporting was towards a bank or financial institution.

phishing-1 Phishing Statistics

28. 286,607 scam reports in Australia in 2021, 71,299 were filed about phishing scams.

Phishing is the act of using fake websites or malicious emails to gather personal information like passwords. This can be done in order for someone else, such as hackers who want to access your email account. In Australia 2021 there were 71,299 phishing scams reported.

29. In 2020, 1 in every 4,200 emails was a phishing email.

When it comes to phishing, there’s no place safe. Email communications networks are now riddled with cybercrime as more people get their information from emails. The most common subject lines in emails for phishing were urgent, request, important, payment & attention.


30. 96% of phishing attacks arrive by email. Another 3% are carried out through malicious websites and just 1% via phone.

Nearly all (96%) of fraudulent emails come as incoming messages, with 3% coming from malicious websites and just 1% from phone calls or text messages (vishing).


31. 44,000 reports were made about phishing scams, Which represented a 75% increase during the pandemic.

The scammers took advantage of the pandemic to con unsuspecting people, according to a new report from Australia’s ACCC. Australians lost over $851 million in 2020 alone. This forces businesses to tighten their security measures for employees who are remote working.

32. 92% of Australian organisations were hit with phishing attacks in 2021.

The latest research from Proofpoint shows that Australian organisations are being hit hard when it comes to cyber-attacks. Australians are more likely to be successfully phished than people in other countries like the United States, the United Kingdom, and Japan. 92% of Australians have experienced some form of phishing in the last year.

33. Phishing scams: 546 reports and $1.1 million in losses.

According to the ACCC, scammers are becoming more sophisticated and it only takes one click to fall victim to a phishing scam.

34. Australians have reported over 62,000 phishing scams in 2022, with a record amount of over $3.72 million in losses reported.

Research conducted by Avast has reported that phishing scams can come in the form of email, phone, or text messages. With more and more people receiving their information through email, the risk of being tricked into giving up sensitive data increases daily.


35. There is a monthly average of over 6,000 phishing attacks per 100,000 people in Australia.

Stephen Kho with Avast Cybersecurity Expert says that they have seen an increase in phishing attacks reaching almost 6 thousand per month on average:

36. Australians reported 44,084 phishing attacks, up 75% from the 25,168 reported the previous year.

In 2020, phishing scams made an incredible record in Australia affecting SMEs. Unfortunately, phishing emails are easy to create where fraudsters can pretend to be important individuals or business entities solely relying on users to click for a scam to succeed.

37. The Anti-Phishing Working Group observed almost 1.1 million total phishing attacks in Q2 2022, the highest number of such attacks the international coalition has seen in a single quarter.

According to Newswire, phishing attacks climb to new record high in Q2 2022. The OpSec Security found that the financial sector including banks are hit the hardest with phishing attacks. John Wilson, senior fellow, threat research at HelpSystems said “Ninety-five percent of the threats found in enterprise user inboxes in Q2 were either credential threat or response-based attacks.”

ransomware-1 Ransomware Statistics

38. The ACSC received 447 ransomware cyber crime reports equating to a 10% decrease in 2021-22, compared to the 2020-21 financial year

The top 5 reporting sectors for ransomware attacks accounted for 47% of all ransomware-related cyber crime. This is a result of top-tier ransomware organised groups that are continuing to target large Australian organisations that are high profile or high value. Their tactic is a combination of data encryption and threats also known as ‘double extortion’.

39. Respondents aged 18 to 24 years and 25 to 34 years were most likely to have been victims of ransomware.

In a recent study, it was found that ransomware victimisation was significantly higher among males in their lifetime. This is likely due to the fact that males are more likely to engage in risk-taking behaviour, such as downloading pirated software or clicking on malicious links.


40. 10% of ransomware victims reported that they had money stolen as a result of their victimisation.

Ransomware attacks can cause significant financial losses for victims, as they may be unable to access their critical files or data until the ransom is paid. In some cases, victims have also reported that their personal information has been stolen as a result of ransomware attacks.

41. The Education and training sector (11%) reported the most ransomware incidents in 2021-2022.

Other than the education and training sector, other sectors targeted included information media and telecommunications (10%), professional, scientific, and technical services (10%), government (8%), and health care and social assistance (8%). It’s likely that ransomware remains significantly unreported due to public disclosure, embarrassment, or ignorance.

42. The Australian Cyber Security Centre (ACSC) reports that in the 2020-21 financial year, there were almost 500 reports of ransomware attacks.

During the 2020-21 financial year the ACSC observed that ransomware attacks had a significant increase as there were almost 500 reports of the type of cyber attack. The high proportion of attacks was mostly due to the COVID-19 pandemic, especially in larger organisations starting to implement working from home.


43. Of companies that fell victim to a ransomware attack, 33% paid the ransom, costing an average of AU$1.25 million for each breach.

Ransomware can be difficult to recover from because it often requires businesses to pay a ransom to get the decryption key. In addition, businesses may not be able to operate normally while their systems are encrypted. This can lead to lost productivity and breach cost.

Ransomware can also cause reputational damage to businesses. This damage can be difficult to repair, and it may make it difficult for businesses to attract customers and partners.

44. 19% of ransomware victims sought advice or support from the police or the ACSC. From this study, 23.2% of small to medium business victims paid the ransom containing millions of dollars and other associated costs.

According to cyber crime statistics, not all businesses are reporting cyber security incidents, especially in relation to ransomware attacks. The advice given by the ACSC to businesses around paying a ransom is that you shouldn’t. Paying a ransom does not guarantee your files will be returned or restored, nor tides it prevent the publication or sale of any stolen data.

45. It is estimated that there is a ransomware attack on a business every 11 seconds, with ransomware damage losses projected to reach US$20 billion in 2021.

Ransomware is becoming increasingly prevalent around the globe. As ransomware attacks are becoming more and more sophisticated it is estimated that such attacks can happen every 11 seconds to businesses no matter the size. Businesses must take action in focusing on increasing their information security and security protocols to prevent ransom attacks.


46. Ransomware attacks have increased by nearly 500% since the start of the COVID-19 pandemic.

The covid-19 pandemic has resulted in a sharp increase in ransomware attacks. The rise in ransomware attacks during the pandemic highlights the importance of having robust cybersecurity measures in place.

Organisations must make sure that their systems are regularly updated and that they have adequate backups in place so that they can recover from an attack quickly as well as their people, processes & technology.

Learn how to drive a cyber-crime strategy in the 2023 Cybersecurity Guide for CFOs.
A cyber-crime strategy helps lower the risk of cyber-incidents happening in the first place.

Eftsure’s guide helps CFOs understand the latest threats and how to create a strategy that fights a new generation of cyber-criminals and scammers.


Cybercrime is any criminal activity that involves using computers, mobile devices or other electronic devices for purposes such as fraud and theft. Cybercriminals use digital devices to attain access to a user’s personal information.

Cybercrime is a serious issue that individuals and businesses are still struggling to combat. There are many different types of cyber crimes and they all continue evolving, such as business email compromise, business identity theft, ransomware, malware, phishing, social engineering, phone scams & more.

According to the Australian Cyber Security Centre (ACSC), Australian organisations have reported a total loss of more than $33 billion from cybercrime from the 2020-21 financial year.

CFOs have a fiduciary duty to safeguard their organisation’s finances. With cyber-crime representing an increasingly significant risk to those finances, it’s important to implement digital controls. Not only are finances affected but also increase insurance premiums, impact credit rating & valuation, cost of business disruption, reputational costs and impact cash flow.

A sub-committee of the board should be established with all relevant executives to ensure comprehensive staff training programs, appropriate policies and internal controls, and technologies are adopted organisation-wide to help prevent losses from cyber-crime.

In most cases, cyber criminals’ objective is to attain financial gain from either individuals or businesses. This is achieved either by gaining access to types of data such as financial information (credit cards, invoices, bank details) company information (emails, usernames, passwords) and more.

Subscribe to our blog

Subscribe to the eftsure blog to receive updates when we post.

The new security standard for business payments

End-to-end B2B payment protection software to mitigate the risk of payment error, fraud and cyber-crime.