1 Cyber Attack Every 6 Minutes: Incidents Surge 23 Percent in 2024

Australia has witnessed a 23 percent rise in cybercrime cases in 2024, with new cases increasing by 94,000 over the past year. The Australian Signals Directorate (ASD) also revealed a 10 percent decrease in proactive industry reporting on cybercrime issues from June to August 2023 compared to the previous year.
According to the Department of Home Affairs, a cyberattack occurs every six minutes in Australia, often forcing companies to pay ransoms to regain access to critical data.
This data was presented before a parliamentary inquiry into the Cyber Security Legislative Package 2024, which includes three bills.
The proposed legislation aims to implement seven initiatives under the 2023-2030 Cyber Security Strategy. This strategy seeks to align Australia with global standards and establish the country as a leader in cyber security.
Stephanie Crowe, Head of the Australian Cyber Security Centre at ASD, highlighted the concerning types of cyber incidents, including ransomware attacks and data extortion attempts.
“The payments are going to fund criminals who just get much more sophisticated through the funds that are provided to them,” he explained.
ASD officials said delays in incident reporting and limited industry engagement hinder effective threat mitigation. Further, swift information-sharing is essential to countering cyber threats.
Highlighting the value of early threat reporting, Crowe said, “when industry and small businesses are able to tell us early indications of an incident, we might be able to prevent those incidents occurring to other people, and that’s a really important part of our national function to scale defense against some of the ransomware and cyber crime incidents being reported to us.”
Witnesses expressed frustration over delays in inter-agency information-sharing, urging the need for quicker response protocols.
During consultations since February 2023, stakeholders expressed mixed views, with some advocating for a zero threshold to align with the Privacy Act.
While the government discourages ransom payments, Hansford said transparency in reporting could help companies avoid future incidents. The framework is “targeted and measured,” with Australia’s requirements being less stringent than those of countries like India and Singapore.
To accommodate smaller businesses, the ASD supports the $3 million turnover threshold to balance transparency with compliance capability.
Dale Furse, chief operating officer of ASD, shared that a centralised portal website at cyber.gov.au is under development to streamline reporting.
This portal will enable businesses to report incidents, vulnerabilities, and cybercrimes in one place.
ASD has pledged to make the portal accessible for small- and medium-sized enterprises (SMEs), with support from Council of Small Business Organisations Australia and the 1300 CYBER1 hotline for direct assistance.
Last year, this initiative hosted over 450 events aimed at promoting best practices across various sectors. Key focuses include advocating for secure-by-design standards and urging businesses to rectify vulnerabilities, such as default device passwords that cybercriminals frequently exploit.
The cyber.gov.au portal complements these efforts by providing tailored guidance to different industries.
ASD said it was important to build trust within the business community to effectively combat rising cyber threats.
Crowe stated that the limited-use provision allows the ASD to respond swiftly to cyber incidents without businesses fearing regulatory repercussions.
Further, the provision under the Intelligence Services Act ensures that data reported to ASD is used solely for immediate cybersecurity purposes.
This framework is essential in encouraging smaller organisations to report incidents and engage in cybersecurity initiatives.
However, a trust deficit remains, primarily due to regulatory concerns that hinder open information sharing.
While technical staff are often willing to collaborate, internal policies can restrict their participation.
To address this, ASD is committed to transparency and the secure handling of reported data, aiming to foster a more cooperative environment essential for mitigating the increasing cyber risks facing Australia.