Cybercrime Costs for Large Businesses Surge 219 Percent: ASD

The average cost of cybercrime for large businesses has risen by 219 percent in the 2025 financial year, compared with an 8 percent increase for individuals.

Mark Us Preferred on Google

Cybercrime Costs for Large Businesses Surge 219 Percent: ASD — A member of the hacking group Red Hacker Alliance who refused to give his real name uses a website that monitors global cyberattacks on his computer at its office in Dongguan, Guangdong Province, China, on Aug. 4, 2020. Nicolas Asfouri/AFP via Getty Images

Rex Widerstrom

6/11/2026|Updated: 6/11/2026

0:00

The Australian Signals Directorate (ASD) has revealed that the cost of cybercrime for large Australian businesses has increased by 219 percent compared to the previous year.

During a parliamentary inquiry into capability of law enforcement to respond to cybercrime, the head of ASD’s cyber security centre, Stephanie Crowe, said the agency received around 84,000 reports of cybercrime in the 2025 financial year.

“That’s the equivalent of one every six minutes. That’s probably consistent with the levels we saw in the previous financial year, but what I will say is, despite those levels remaining the same, the average cost to small businesses and individuals has increased dramatically over that time,” she told the Parliamentary Joint Committee on Law Enforcement.

The average cost of cybercrime for large businesses has risen by 219 percent over that period, compared with an 8 percent increase for individuals.

The ASD has also noted a sharp increase in the theft of credentials—things like passwords or PIN numbers—with that accounting for around 42 percent of the incidents it responded to in the past financial year.

“It is a significant trend in the cybercrime space,” Crowe said. “[So we are] thinking about how to disrupt the use of credentials by cybercriminals [who are then] on-selling those credentials for other purposes, or using those credentials to break into networks and cause incidents like business email compromise or ransomware.”

The ASD, through its website, cyber.gov.au, assists organisations in adopting multifactor authentication to minimise the risk of credentials being used against them, and advocates for other technology options, such as passkeys, which remove passwords from the authentication process.

Significant Increase in Cyber Attacks Against Australian Organisations

Crowe told the Committee that another significant trend is a dramatic increase in denial-of-service attacks against Australian organisations.

“A 280 percent increase was noticed in the last financial year when cybercriminals or other adversaries try to flood the services of an organisation—like websites or other services that they provide—with multiple traffic requests, and that results in their networks or systems being brought down for a period of time until they can recover,” she said.

While ransomware attacks—such as the one on electronic prescription service MediSecure, which exposed the details of half of the Australian population—grab headlines, they account for just 11 percent of the cybercrimes identified by the ASD, Crowe said.

The ADS’s deputy director-general also noted that a law change in 2024, which prevented the agency from using any information given to it by a company that had been a victim of cybercrime for regulatory or punitive action, had significantly improved the level of cooperation the Directorate was seeing.

“Prior to the limited use obligation, [there was] around a 50 percent response rate from industry when we talked to them about a potential incident. Now that’s up to around 75 percent, so that engagement is improving and people are reporting incidents to us,” she said.

We had a problem loading this article. Please enable javascript or use a different browser. If the issue persists, please visit our help center.