Key Points
- The ACSC received 76,000 cybercrime reports in the 2021-22 financial year, an increase of 13 per cent
- It comes after high-profile data breaches at Optus, Medibank and real estate agency Harcourts.
Cybercrime is with an incident reported every seven minutes, according to The Australian Cyber Security Centre (ACSC).
The ACSC's Annual Cyber Threat Report has shown the agency received more than 76,000 cybercrime reports in the 2021-22 financial year, an increase of nearly 13 per cent from the previous year.
So how significant is the issue of cybercrime, what can the authorities do about it, and should you be worried?
What is driving the increase in cybercrime?
Defence minister and deputy prime minister Richard Marles told ABC Breakfast on Friday there were many factors driving the increase in cybercrime reports.
"In part we're living more of our lives online, and the pandemic has accelerated that ... but cybercrime is now big business, the average impact for a small business is $40,000 per incident, and something like $88,000 for medium businesses, so you can see there's a lot of money to be made by cyber criminals," he said.
"We're also seeing more state-based actors ... in the murky grey world that is cyberspace, we're seeing a lot of cross-pollination between state actors and cyber criminals and all of this is giving rise to a much more precarious environment for all of us online."
Mr Marles said the Optus data breach was a reminder for both individuals and businesses to be more vigilant.
"That incident [Optus breach] is something of a wake-up call ... in a way, I hope this annual cyber threat report adds to the wake-up call, not just for Optus but for the whole of the corporate sector and for individuals as well," he said.
"Cyberspace is a much more challenging environment ... there are a lot of pickpockets out there, this can be happening on a grand scale, so people do need to be more vigilant at an individual level."
What is the government doing?
Following the Optus and Medibank data breaches, the Albanese government introduced new legislation, increasing penalties on companies for serious or repeated privacy breaches.
Under the new legislation, penalties will rise from $2.22 million to whichever is the greater of $50 million, 30 per cent of the company's turnover in the relevant period, or three times the value of any benefit gained from the stolen data.
The deputy prime minister said fines would be "just part of the answer" when it comes to improving cybersecurity around the country.
"It's part of the answer ... I think we do need to be thinking about other ways we can go about this in a regulatory sense," he said.
"We're examining all of those options, I think a lot of this is about making sure that the systems are in place across the private sector, across government, that we are investing a lot more in this space - which we are doing"
How can you protect yourself?
Mr Marles said the release of the report was part of an increase in public messaging around the importance of cyber safety.
When it comes to individual protection, the ACSC recommends setting up secure passwords and setting up multi-step authentication whenever possible.
It also suggests regularly updating apps and systems to ensure you are up-to-date with security upgrades, and backing up files to external devices in case your accounts are ever compromised.
Using browsers with hardened security settings and turning off browsing history and cookies can also be beneficial.
Cyber Security Minister Clare O'Neil said businesses are expected to handle their customer's cyber data better in light of the "concerning" report.
"To big businesses around this country: you have got obligations to Australians, especially if you are collecting and keeping personal information about your customers," she told the Nine Network on Friday.
"I want the corporate sector to step up and do better."
What else did the report find?
The most at risk are Commonwealth and state government systems, making up more than one-third of all cyber incidents.
Health systems were the next big targets, mainly due to cyber criminals attacking vulnerable businesses that are more likely to pay ransoms to access their data back.
The security agency's head Abigail Bradshaw said cyber threats were constantly evolving and targeting the nation's critical infrastructure more frequently.
It blocked more than 24 million malicious domain requests, took down 29,000 attacks against Australian services and responded to 185 ransomware movements, which is a 75 per cent increase.
The agency was also involved in five successful operations taking down online criminal marketplaces and foreign scam networks.
