ACSC's Annual Cyber Threat Report 2021-22


This week the Australian Cyber Security Centre (ACSC) released their annual Cyber Threat Report, and whilst it may not include the recent Medibank and Optus data breach figures (the report was run from 1 July 2021 - 30 June 2022) it still makes for some enlightening, yet sombre reading.

If you are interested in reading the whole report, you can find it here, otherwise lets jump to our summary of the key facts and figures:

  • The ACSC noted a heightened threat environment being shaped by global conflict, such as that in Ukraine.
  • The ACSC went so far as to issue an advisory urging Australian organisations to adopt an enhanced security posture following the invasion.
  • Ransomware remained the most destructive cyber crime
  • There was an increase of 15% in reported cyber crimes from last year
  • The Commonwealth Government led the list for top industry sectors reporting cyber security incidents.


  • When a cybercrime caused a financial loss, the average loss reported by small organisations is now over $39,000, for medium organisations is over $88,000, and for large organisations is over $62,000.
  • Fraud, online shopping and online banking were the most frequently reported cybercrime types, accounting for 54% of all reports.

  • There was a 25% increase in reported software vulnerabilities world wide, highlighting the need for software patching of devices 

  • There was an increase in financial losses due to Business Email Compromise (BEC) to over $98 million, you can find out more about BEC and how to combat it in our recent blog here.

  • Queensland held the dubious honour of being the leading state for reported BEC for the 2021-22 financial year:


  • Their suggested minimum approach to security:
    • Update software, operating systems and firmware regularly
    • Replace hardware that can no longer be updated
    • Use multifactor authentication in conjunction with secure, unique passwords
    • Backup your data and in multiple places if possible.


That rounds out the key points from the report, if you haven't already checked it out we recommend heading over to our free resources page and download our 14 ways to protect your business from a cyber attack guide to start your cyber security journey and secure your business data and as always,  if you would like to sit down for a no bullsh*t discussion about securing your business give us a call on 1300 778 078.