Individuals in Australia faced fewer cybercrimes in 2025 compared with 2024 and experienced relatively few consequences from them. Except, that is, the owners and operators of small and medium-sized businesses (SMBs), more of whom experienced legal and staffing fallouts.

Earlier this week, the Australian Institute of Criminology (AIC) published the results of a survey in which 10,593 Australians were asked about the cybercrimes they faced in 2025. Their responses were positive in some ways. Cybercrime was down overall. The financial costs of cybercrimes were also low. And that’s despite some countervailing factors.

“Fewer Australians checked their privacy settings, bought cyber insurance, or ran antivirus software in 2025 than the year before, and overall cybercrime still dropped,” marvels Brian Long, CEO and co-founder of Adaptive Security. “These individual precautions still matter, and this trend also points to something bigger: Protection is shifting upstream, into the platforms, telcos, and devices people already use every day.”

In less positive news, the consequences of cybercrimes got more serious in 2025 for individuals who own or otherwise manage businesses.

Good News for Consumers

To begin with, 45.1% of survey respondents reported they were victims of a cybercrime last year. It’s no trivial number, but it’s down from 47.8% the year prior.

Online abuse and harassment (which affected 27.1% of respondents in 2024, and 24.6% in 2025) and identity-related crimes (down from 22.1% to 20.4%) trended in the right direction, helped by a reduction in financial account compromise (17.7% to 15.8%), unsolicited sexual material (down from 7.6% to 6.3%), and straight-up impersonation (down from 7.8% to 6.9%).

Adding to the good news: The large majority of victims in 2025 faced no financial losses from what happened to them, and those that did didn’t lose all that much. Depending on the type of crime, 76% to 86.5% of victims reported losing less than 1,000 Australian dollars (about US$690). Between 9.8% and 19.8% said they lost between AU$1,000 and AU$10,000, and a small fraction lost more than that. With that said, 58.8% of victims — 26.4% of the total surveyed population — said they suffered consequences of one kind or another, be it to their pocketbooks, health, social lives, or for legal reasons.

Remarkably, all these positive indicators came despite markedly lower levels of personal cybersecurity hygiene. Fewer Australians said they used antivirus or firewalls on their devices (down from 39.3% in 2024 to 36.2% in 2025) or spam-filtering software (from 20.5% to 17.8%). Fewer respondents said they used different passwords for different online accounts (from 50.9% to 47.7%), and avoided clicking suspicious links and attachments (from 67.1% to 64.8%).

“The bigger shift here is that a lot more of the protection now sits with the companies consumers use every day, not with the consumer personally,” explains Justin Allen, senior manager of security operations at Huntress. “Banks, phone providers, browser vendors, operating system vendors, and major platforms are doing far more of the real defensive work in the background than they used to. Browser sandboxing, automatic patching, account monitoring, transaction controls, and things like the Scam-Safe Accord are all examples of companies putting institutional safeguards in front of users at scale. That is a big reason some old-school personal habits, like manually running antivirus scans, have become less central than they once were.”

At the same time, he emphasizes that doesn’t mean personal cyber hygiene has stopped mattering. “It means the line has moved. If attackers cannot reliably break the system, they try to work around it by manipulating the person. That is why social engineering, relationship-based fraud, SIM swapping, and credential harvesting matter so much.”

Most other categories of individual cybercrime in Australia rose or fell only modestly. The two categories that rose to a statistically significant degree were fraud and scams (up from 9.7% to 11.1%) and, in parallel with its global resurgence, ransomware (up from 2.5% to 3.1%).

Bad News for Business Owners

One in four respondents who owned or managed SMBs reported that cybercrime negatively affected their businesses in some way during 2025. Disruption to everyday business functions (28.7%) was the most common consequence of these incidents. 

More notably, a growing number of SMB owners and operators reported that cybercrime caused them legal issues (up from 5.1% in 2024 to 7.9% in 2025) as well as costs for staffing (from 5.9% to 10%). People have been quitting or losing their jobs thanks to some of these incidents, AIC speculated, and businesses have been suffering legal and regulatory fallout at rates higher than ever.

Allen describes why, using the 2022 lawsuit against Australian health insurance company Medibank as an example. “The Full Federal Court basically signaled that companies cannot assume their post-incident cyber reviews will stay tucked away,” he explains. Whereas companies might previously have gotten away with poor incident response (IR) or cybersecurity controls, now all their dirty laundry is made public. “That raises the stakes fast. Then you layer on the Cyber Security Act with the 72-hour ransomware reporting rule, plus the Privacy Act reforms and the possibility of much bigger penalties, and suddenly boards need to prove they were not asleep at the wheel.”

But that pressure doesn’t stay in the boardroom, Allen emphasizes. “It rolls downhill into compliance work, reporting overhead, internal stress, and blame shifting. That is a big part of why teams are burning out and why some leaders are deciding it is no longer worth the personal risk.”
