Australia's sensitive data needs stronger protection against cybercriminals. With new cyberthreats on the horizon, businesses and government entities must reassess their security posture and implement strict security measures.
Australia has been a victim of various notable cyber incidents in recent years. Since the Optus and Medibank data breaches in late 2022, there has been a surge of subsequent data breaches impacting more Australians than ever before. [1]
This increase in data breaches also puts Australia well ahead of the global average for organisations that have experienced a data breach within the previous year. This insight is among the findings of GetApp’s 2024 Data Security report, which surveyed 4,000 participants in 11 countries, 500 of whom were in Australia.*
Data security and effective data governance are integral to company operations and reputation. Consequently, CISOs need to keep evolving their strategies to deal with the latest threats. Rising data breaches make it more essential to reprioritise efforts against data security-related threats in the coming year. However, it can be challenging to get up to speed in fighting these threats without running into software vulnerabilities. In this article, we share key strategies to boost security and detail four vital recommendations.
- Advanced email phishing (32%) and ransomware attacks (30%) are the top threats IT professionals are concerned about for 2025
- 55% of IT data professionals in Australia identify AI-generated deepfake attacks and AI-enhanced phishing schemes as the most concerning AI-generated threat for the next 12 months
- 72% in Australia have suffered data breaches in 2024, ahead of the global average of 62%
- 50% of data breaches in Australia were caused by software vulnerabilities
Email phishing and ransomware attacks prevail in Australia
Phishing remains at the top of IT professionals' watchlist, with 92% of Australian participants saying they or others in their organisation had received a phishing email in the past 12 months. More worrying still, 86% of that group reported that they or someone else in the business had subsequently clicked on malicious links within the email.
Ransomware cases in 2024 also affected a significant proportion of the Australian sample. In total, 64% worked in an organisation targeted by one or more system-locking attacks aimed at stealing data to extort money from companies. As a result, the consequences of attacks are still dire, with 60% of firms hit by ransomware stings resorting to paying a ransom. For a proportion (24%), it was possible to recover from the attack and decrypt the data without paying.
Unfortunately, 28% of ransomware victims lost data in the attack that was never recovered. This includes 3% that had no backups and simply had to accept the permanent data loss without engaging with the hackers. These cases underscore the importance of developing strong ransomware defences.
AI-generated deepfake attacks and AI-enhanced phishing schemes are concerning for 2025
Threat detection and monitoring is an ongoing task for IT security and data security professionals. However, keeping on top of threat intelligence can be a challenge as cyberattacks adapt and evolve, and 2024 has been no exception.
According to our participants, AI-generated deepfake attacks are the biggest security-related risk factor for this year and into 2025. Significantly, 66% of Aussie companies have a deepfake response plan because of this threat.
In some ways, this finding will come as little surprise, as the topic of AI-based cyberattacks has been running throughout 2024, as has the rise of easily accessible generative AI technology. [2] The fact that AI has heightened concerns around security is reflected in our latest findings, where deepfakes and phishing have topped the charts in Australia.
Data breaches in Australia are well above the global average
A data breach whereby company data is exposed, lost, or stolen during a cyberattack is a major threat to business stability. This can be especially harmful to companies if clients are subject to identity theft as a result, and these infractions can potentially incur repercussions from governing bodies.
Of concern, data breaches appear to be on the rise in Australia, with 72% of IT data professionals saying their company was hit by one or more data breaches in the last 12 months. This compares with a global average of 61%.
As seen in the graph below, there are many ways breaches can occur, but not all of them involve bad actors or malicious intent.
The Office of the Australian Information Commissioner (OAIC) seeks to ensure a higher level of accountability from businesses and government entities in securing personal information. The Australian government, in an effort to curb the increasing data breaches, has pushed forward with the ‘Privacy and Other Legislation Bill 2024’, to support and enhance enforcement powers of the OAIC. [1]
Currently, the OAIC publishes bi-yearly reports on notifications received under the Notifiable Data Breaches (NDB) scheme to track the leading sources of data breaches and highlight emerging issues and areas for regulated entities’ ongoing attention. The OAIC will continue to provide guidance to help organisations understand their obligations under the scheme.
4 ways to increase data security in 2025
Based on the findings above, American data security seems slightly more stable in 2024. To ensure that this continues, we’ve leveraged our data to highlight four important tips that can be used to ensure continued security and stability for firms into 2025.
1. Get started with security basics
It’s vital to ensure basic protections are covered before worrying about more advanced protection considerations. For example, our sample data's three most used security tools are antivirus, network security, and firewalls, which will surprise very few people.
While these tools are well-established and fairly encompassing, it is important to use security software with features that make it more adept at dealing with upcoming threats. This may mean using a program with robust malware detection tools and one that also updates its software frequently to address the threat of AI-powered malware and other emerging issues more directly.
2. Ensure databases are configured correctly
With AI attacks looking to represent a major challenge in the coming months, it’s important to ensure data security protocols are safely in place. As seen in our findings, 37% of data breaches occurred due to improperly configured databases or system errors. This makes regular checks of system integrity a priority.
The need to review overall data security also represented the biggest priority for over half (51%) of Australian respondents. This makes sense, especially in situations where vulnerabilities can become wider due to the existence of AI-generated cyberthreats.
It also goes without saying that data security professionals should implement a decent level of encryption. While most forms of artificial intelligence, such as deep learning, don’t have the capacity to break encryption, AI-powered attacks can make stolen data riskier. [4]
3. Simulate potential cyberthreats
Cybersecurity protection tools offer a good level of defence against data thieves and cyberattackers. However, these tools aren’t foolproof, and sometimes threats slip through the cracks. Therefore, it is vital to create a level of preparedness within an organisation to spot attacks.
Our data showed that 75% of workers belong to businesses that simulate phishing attacks, above the global average of 70%. These exercises can enhance email security by promoting awareness of the signs of social engineering attacks before they can do any damage. This practice can also identify the extent to which extra cybersecurity awareness training should be conducted across an enterprise.
4. Standardise MFA defences
Multi-factor authentication (MFA) can be a game-changer in preventing an attack. It multiplies the opportunities to thwart a potential attack and prevent a data breach or takeover of a system by a hacker. Therefore, it was no surprise that 55% of IT and data professionals surveyed said that their companies use MFA for all applications, compared with a global average of 44%.
This appears to be helping companies avoid some of the worst impacts of a cyberattack compared to others abroad. Interestingly, Australian respondents appear to prefer MFA options that authenticate access via a passcode, whether received on a mobile device, sent by email, or generated by a dedicated authentication app. By comparison, biometrics appear to be considerably less popular.
These findings may have been compounded by worries about the risks of AI breaking the defence of biometrics. In GetApp’s 2024 Executive Cybersecurity survey, for example, we observed high fears in Australia about the potential for biometrics to be compromised by AI-generated fraud.
Curb data breaches in Australia: Be accountable for securing data against cyberattacks in 2025
The picture for data security at the end of 2024 into 2025 continues to show growth in the number of organisations affected by data breaches. The cybersecurity infrastructure is always changing, and the growth of AI tools means the nature of threats is evolving fast.
It is important that companies review and, where necessary, enhance their security coverage and ensure data is properly protected. This will help create the best chance of avoiding looming threats in 2025.
To study the bigger picture of artificial intelligence in cybersecurity in more detail, the second part of our analysis of GetApp’s Data Security Survey examines how AI is an opportunity as much as a risk. This can help businesses plan ways to incorporate it into their cybersecurity infrastructure and make their network monitoring more secure.
Survey methodology
*GetApp’s 2024 Data Security Survey was conducted online in August 2024 among 4,000 respondents in Australia (n=350), Brazil (n=350), Canada (n=350), France (n=350), India (n=350), Italy (n=350), Japan (n=350), Mexico (n=350), Spain (n=350), the U.K. (n=350), and the U.S. (n=500) to learn more about data security practices at businesses around the world. Respondents were screened for full-time employment in an IT role with responsibility for, or full knowledge of, their company's data security measures.
Sources