Australian firms face world’s highest cyberattack rate & losses
Australian enterprises have reported the highest rate of damaging cyberattacks globally, according to new industry research. Over four in five large businesses in Australia have suffered a materially impactful attack on their operations in the past year, compared to just over half worldwide.
Widespread breaches
The data shows that 85% of major Australian organisations experienced cyber incidents resulting in measurable financial, reputational or operational harm during the past 12 months. This sits significantly above the 54% global average. Additionally, 41% of Australian enterprises have been hit multiple times, compared to just 26% internationally.
Ransomware remains a particular challenge. Nearly all affected Australian businesses (96%) reported paying ransoms following attacks, despite government and regulatory advice not to engage with extortion demands. Around two in five paid more than USD $1 million (AUD $1.53 million) each, and a similar proportion paid between USD $100,000 and $999,000.
Revenue and legal implications
The impact of recent attacks has been felt deeply in company finances. Nine in ten firms report revenue losses, with nearly a third estimating the loss at up to 10% of annual turnover. The aftermath of incidents also triggered almost universal legal or regulatory consequences. Some 61% of organisations faced fines - the highest figure reported globally - while over half were subjected to lawsuits or external audits.
Pressure from within companies is also mounting. A majority of private sector organisations experienced scrutiny from stakeholders, and more than three quarters say directors have pressed to dismiss senior leaders following a major cyber incident.
"The significant impact of cyberattacks in Australia is a wake-up call. What's clear is that traditional approaches to cybersecurity are no longer working and current guidance isn't cutting through - leaving organisations exposed to attacks that impact the entire business. From financial loss and leadership pressure to eroding customer trust, consequences are no longer confined to the IT departments. In response, businesses must prioritise cyber resilience, not just as preventative protection, but as a strategic imperative to mitigate material impact and enable rapid and secure recovery," said James Eagleton, Managing Director ANZ, Cohesity.
Customer trust at risk
Cyberattacks are also affecting client relationships. 41% of Australian organisations reported losing customers directly due to security incidents. In some cases, losses exceeded 15% of their client base.
Resilience challenges
The study highlights a gap between perceived and actual cyber resilience in Australian enterprises. While 56% say they are confident in their ability to quickly recover from incidents, nearly half of businesses that suffered an attack reported being reinfected after their initial recovery, suggesting persistent vulnerabilities.
There is some evidence of strong internal coordination in responding to incidents, with 49% stating post-attack collaboration was seamless, compared to 33% globally. However, the report points to the need for more comprehensive strategies covering protection, detection, identification, response, and recovery.
AI and automation pressures
Australian organisations are rapidly adopting artificial intelligence and automation for cybersecurity, but many admit their risk tolerance lags behind advancements. A majority of senior leaders (54%) believe automation is necessary for speeding up detection and recovery, and almost all respondents say generative AI cybersecurity assistants could enhance security. However, 88% believe the pace of AI implementation is exceeding their risk threshold, and manual verification was still required in most threat detections.
"AI and automation are critical to modern cyber resilience, but there's a clear gap between belief and investment. Organisations need to move beyond manual processes and embrace secure, governed automation to stay ahead of evolving threats. Right now, many are stuck in reactive mode, relying on manual verification and fragmented recovery processes. To truly bounce back from attacks, organisations must shift their focus from just protection to rapid recovery, and that means embedding automation and AI into their resilience strategies," said Statton.