The ASD’s 2023 Cyber Threat Report reveals key trends of cybercrime in Australia

On 14 November 2023, the Australian Signals Directorate (ASD) published its 2022-2023 Annual Cyber Threat Report (Report). This Report reveals key trends to understand in cybercrime facing Australian governments, business and individuals.

This Report can help those in the education and for-purpose sectors to understand how the current state of cybercrime in Australia may affect their organisation.

The ASD runs the Australian Cyber Security Centre (ACSC), which is the Australian Government’s technical authority on cyber security and has a 24-hour hotline for advice about and reporting of cyber threats and incidents (1300 CYBER1, or 1300 292 371).

The top reporting sectors reporting cybercrime to the Australian Cyber Security Centre

Graph showing top 10 reporting sectors with educational and training highlighted

The graph above shows the top 10 sectors of reporting to the ACSC and the percentage the reporting represents of the entire financial year. Most relevant to the Moores community of value-align clients is that both education and training, and healthcare and social assistance were sectors in the top 5.

  • 6.7% of reports to the ACSC were from the Education and Training sector.
  • 5.9% of reports to the ACSC were from the Healthcare and Social Assistance sector.

While this shows a high risk of being a target of a cybercrime, it can also reveal strong awareness in these industries with high levels of reporting.

Recommendations from the ASD for all Australian organisations

The ASD recommends all Australian organisations:

  • only use reputable cloud service providers and managed service providers that implement appropriate cyber security measures;
  • review the cyber security posture of remote workers, including their use of communication, collaboration and business productivity software;
  • implement relevant guidance from ASD’s Essential Eight Maturity Model, Strategies to Mitigate Cyber Security Incidents and Information Security Manual;
  • regularly test cyber security detection, incident response, business continuity and disaster recovery plans;
  • train staff on cyber security matters, in particular how to recognise scams and phishing attempts; and
  • report cybercrime and cyber security incidents to ReportCyber.

Ransomware is the most destructive cybercrime threat

The 2022-2023 Annual Cyber Threat Report reveals the significant threat of ransomware.

Around 10% of all cyber security incidents in 2022-23 involved ransomware. The ASD advises against paying ransoms.

The report also reveals that 8.7% of reported ransomware-related cyber security incidents came from the healthcare and social assistance sector.

Pie graph showing 10% of attacks as ransomware

It is important to note that a quarter of the ransomware reports also involved confirmed data exfiltration where the actor extorts the victim for both data decryption and the non-publication of data.

Pie graph showing 25% of ransomware as data exfiltration

How we can help

Understanding the education and for-purpose sectors in which our clients operate, we can provide tailored cyber security and privacy advice and support. We can help you take practical steps to uplift your cyber security, looking to the human elements as well as the technical. We like to think about information management as an opportunity to grow your organisation.

Contact us

Please contact us for more detailed and tailored help.

Subscribe to our email updates and receive our articles directly in your inbox.

Disclaimer: This article provides general information only and is not intended to constitute legal advice. You should seek legal advice regarding the application of the law to you or your organisation.