Australian Cyber Security and Cyber Crime Statistics

How much do you know about cyber crime in Australia? Test yourself against these 23 statistics and facts.

Cyber crime and cyber security is continuing to rise in Australia and around the world. At Sydney Technology Solutions, we work hard to protect our customers from cyber crime with layers of security designed to fight off sophisticated cyber crime, phishing, malware, social engineering and hacking. Australian organisations are rich targets for cyber crime. It’s important for you to be aware of how prevalent cyber crime is, so we are listing below recent statistics on Australian cyber crime.

Cyber crime is a true threat to businesses, municipalities, and organisations in Australia. It’s crucial to protect your IT network from cyber threats, but just as critical to train your employees and contractors how to spot phishing when it shows up their email.

Australian Cyber Crime General Statistics

  • Cyber crime has cost the Australian economy up to $1 billion annually in direct costs alone. (ACIC, 2019)
  • Cyber crime is expected to cost $6 trillion globally by 2021 (Cyberventures, 2016)
  • Australia is ranked 5th in the amount of exposed records by country at 20,035,981 — an average of 834,833 exposed records per breach (Risk Based Security, Inc, 2018)
  • The Australian Cybercrime Online Reporting Network (ACORN) received an average 12,750 reports of cyber crime between January 1, 2017- June 30, 2018. (ACORN Snapshot, 2017-2018)
  • According to Norton, there are 516,380 Australian small businesses that were victims of cyber crime in 2017 (
  • The top three crimes reported to ACORN were scams and fraud (50%), purchase or sale (21%), and cyber bullying (7%) (ACORN Snapshot, 2017-2018)
  • Unauthorised bank access, malicious software, Unauthorised email access, and Unauthorised bank access were the top four cyber crimes experienced by Aussies (Symantec, 2018)
  • About 41% of cyber-crime victims were between 20 – 40 years old and 34% were between 40-60 years old (ACORN Snapshot, 2017-2018)

Australian Cyber Crime Laws and Reporting

Since the Notifiable Data Breaches Scheme began in February 2018, Australians have had more opportunities to report breaches for tracking and law enforcement. Because cyber crimes evolve quickly, it’s difficult to trace them. That’s one reason why protecting your data from any malicious actors is critical.

  • $3 million or more — Number of Australian Government agencies, not-for-profit organisations, and businesses required to report a data breach incident to the OAIC (OAIC, 2018)
  • 30 days — how long entities have to report a data breach to the Commissioner’s office (OAIC 2018)
  • 812 — the number of data breaches reported to the Office of the Australian Information Commissioner (OAIC) since the Notable Data Breaches (NDB) scheme was introduced
  • 114 — the voluntary data breaches reports that were received by the OAIC during the 2017 financial year. This was one year before reporting became mandatory (, 2018)
  • 55% of organisations believe they have been fined for being in breach of the NDB Scheme and the General Data Protection Regulation (GDPR) (Telstra Security Report, 2019)
  • Failure to comply with the NDB scheme can result in fines up to $420,000 for individuals and $2.1 million for organisations (OAIC, 2018)
  • 63 — the amount of data breaches the OAIC was notified about in the first six weeks of mandatory reporting
  • Proposed amendments to the Privacy Act may increase maximum penalties to $10 million or 3X the value of any benefit obtained through misuse of information or 10% of a company’s annual domestic turnover — whichever is greater (Attorney-General for Australia, 2019)

Australian Cyber Attacks

Notable cyber attacks have been occurring more frequently than you may believe in Australia. It’s important not to risk your business and clients by not protecting your data well enough.

  • The top three types cyber security incidents experienced by Australian and New Zealand organisations were ransomware (17.8%), phishing (19.3%), and malware (17.9%) (BDO, 2108)
  • Malicious attacks (57 – 64%), human error (33 – 37%), and system error (3 – 6%) were the cause of reported incidents in the quarterly data breach report (OAIC, 2019)
  • Data loss and the theft of confidential information incidents rose by 78.68% in 2018 compared to 2017 (BDO, 2018)
  • Data breaches experienced through third-party providers and suppliers rose by 74.3% (BDO, 2019)
  • The top three targets for cyber criminals were email, social networks, and website advertising (ACORN Snapshot, 2017 – 2018)
  • 56% of Australian businesses that reported a cyber security attack, have experienced Business Email Compromise (BEC) weekly, monthly, or quarterly (Telstra Security Report, 2019)
  • The 5 most common cyber attacks were Phishing (48%), Malware (39%), Network scanning (24%), Brute force attacks (15%), and Man in the middle attacks (10%) (PWC’s 2018 Global Economic Crime & Fraud Survey: Australian Report)

If you want to learn more about cyber crime, cyber security or phishing, contact us.