INDUSTRIES & MARKETS

Cyber security and cyber

crime in Australia
 Table of Contents

01 Global overview Average loss of cyber incidents reported to ACSC in Australia FY 2022, by org size 22
Cyber attack types organizations were most likely to fall victim to Australia 2022 23
Cybersecurity market revenues worldwide 2020-2030 04
Global cybersecurity technology growth rate forecast 2021, by technology 05
04 Ransomware and malware
Critical cybersecurity areas worldwide 2022-2023 06
Share of cyber attacks in global industries worldwide 2022 07 Reported ransomware and malware attacks in Australia 2022, by month 25

Cyber security investment priorities for companies worldwide 2022 08 Number of reported ransomware and malware attacks in Australia 2022, by age 26

IT spending forecast on cyber security worldwide 2022 09 Number of ransomware and malware attacks in Australia 2022, by location 27
Delivery of ransomware attacks in Australia 2022, by number and amount lost 28

02 Cyber security in Australia

05 Scams
Market size of cybersecurity industry Australia 2019-2022 11
Share of planned cybersecurity spending by organizations Australia 2021 by initiative 12 Number of scam reports in Australia 2022, by category 30

Share of organizations with data trust practices in Australia 2021 by practice 13 Reported loss from scams in Australia 2022 by leading category 31

Breakdown of government cyber security strategy funding in Australia 2020 14 Reported loss from scams in Australia 2022, by payment method 32

Leading network protection challenges foreseen by organizations in Australia 2022 15 Online shopping scam loss in Australia 2015-2022 33

Organizational understanding of risks arising from third parties Australia 2021 16 Number of scam attempts to gain personal info in Australia 2022, by age 34
Delivery of attempts to gain personal info Australia 2022, by number and amount lost 35

03 Cyber crime in Australia

06 Consumer sentiment
Number of cybercrimes reported to the ACSC in Australia FY 2020-2022 18
Share of cybercrime incidents reported to ACSC in Australia FY 2022, by type 19 Online privacy awareness and concern in Australia 2018-2021 37

Share of cyber security incidents reported to ACSC in Australia FY 2022, by sector 20 Share of adults who believe companies use their online personal data Australia 2021 38

Share of cybercrime incidents reported to ACSC in Australia FY 2022, by state 21 Share of adults who always refuse app permissions Australia 2021 by age group 39

1
 Table of Contents

Industries considered to be the least cyber secure by Australian adults 2022 40

Share of adults who stop spending at a brand following a data breach Australia 2022 41

07 Spotlight: cyber security and the global remote workforce

Global challenges in keeping the remote workforce secure 2021 43
Products end services used to ensure online security on devices 2021, by license 44
Technologies used to enable secure work from home worldwide 2022 45
CISOs that say more cyberattacks have occurred with remote working 2022, by country 46
Corporate data accessed when working remotely worldwide 2021 47

2
CHAPTER 01

Global overview
 Size of the cybersecurity market worldwide from 2020 to 2030 (in billion
U.S. dollars)
Cybersecurity market revenues worldwide 2020-2030

600
538.3

500

407.9
Market in billion U.S. dollars

400

296.1
300

217.9
200

100

0
2020 2022 2027* 2030*

4 Description: The global cybersecurity market size is forecast to grow to 538.3 billion U.S. dollars by 2030. Cybersecurity is the practice of protecting computer information systems, hardware, network, and data from cyberattacks. An increasing awareness of cyber
threats lead to a rising investment in cybersecurity infrastructure worldwide. Read more
Note(s): Worldwide; 2021 to 2027; * Forecast 2022-2030 CAGR: 7.8% Read more
Source(s): GlobeNewswire; Research and Markets; Various sources
 Expected growth rate of cybersecurity technologies worldwide in 2021, by
technology
Global cybersecurity technology growth rate forecast 2021, by technology

Best-case scenario Worst-case scenario

14%
12.5%
12%
11%
10.4% 10.4%
10%
8.8%
8.1% 8%
Growth rate

8% 7.5%
6.6%
6.2%
6%
4.2% 4.2%
4%

2%

0%
Web and email security Vulnerability and security Endpoint security Identity access Network security Data security
analytics management

5 Description: In 2021, global web and email security technology is expected to grow approximately 12 percent in a best-case scenario. Even in a worst-case scenario, this segment is expected to grow by almost 9 percent. As organizations rely heavily on disparate
technologies to empower their workforce, these technologies converge to ensure properly working connections between cloud services and users. Certainly, security is a cornerstone of this development in order to protect sensitive data, for example. Read more
Note(s): Worldwide; 2021
Source(s): Canalys
 Most important cybersecurity areas worldwide in 2022 with a forecast
until 2023
Critical cybersecurity areas worldwide 2022-2023

Share of respondents

2023 2022

0% 10% 20% 30% 40% 50% 60% 70%

Data Security 58%

Privacy 45%
53%
Cybersecurity analytics 41%
45%
Cybersecurity metrics 38%
45%
Risk analysis 36%
46%
Application security 36%

Compliance 30%
39%
Workforce education 25%
35%
Penetration testing 22%
33%
Zero Trust 17%

6 Description: Over half of respondents agreed that the most critical cybersecurity area in 2023 was data security. It was followed by privacy and cybersecurity analytics, each chosen by more than 40 percent of respondents. Read more
Note(s): Worldwide; 2021 to 2022; 1,125 respondents; 500 respondents from the United States, as well as 125 respondents for each of the following regions: ANZ, ASEAN, Benelux, DACH and the UK.
Source(s): CompTIA
 Distribution of cyber attacks across worldwide industries in 2022
Share of cyber attacks in global industries worldwide 2022

Share of cyber attacks

0% 5% 10% 15% 20% 25% 30%

Manufacturing 24.8%

Finance and insurance 18.9%

Professional, business, and consumer services 14.6%

Energy 10.7%

Retail and wholesale 8.7%

Education 7.3%

Healthcare 5.8%

Government 4.8%

Transportation 3.9%

Media and telecom 0.5%

7 Description: In 2022, manufacturing had the highest share of cyber attacks among the leading industries worldwide. During the examined year, cyber attacks in manufacturing companies accounted for nearly 25 percent of the total cyber attacks. Finance and
insurance followed with around 19 percent. Professional, business, and consumer services ranked third with a share of 14.6 percent. Read more
Note(s): Worldwide; 2022
Source(s): IBM
 Main cyber security investment priorities for companies worldwide in 2022
Cyber security investment priorities for companies worldwide 2022

Share of respondents

Realising benefits from implementation Implementing at scale Started implementing / Planning to do in the future

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 110%

Cloud security 16% 35% 45%

Security awareness training and cross training security operations 16% 36% 46%
Endpoint security 16% 35% 46%
Managed security services (e.g., managed security services, managed detection… 15% 33% 46%
Real-time threat intelligence capabilities 15% 33% 49%
Business continuity/disaster recovery planning 15% 34% 47%
Enterprise identity and access management (e.g. Federation, SSO) 14% 32% 48%
Consumer identity and access management 14% 33% 48%
Enterprise-wide information governance framework 14% 32% 50%
Software-defined access 14% 33% 48%
Third-party risk management processes 12% 32% 51%
Zero Trust 11% 28% 52%

8 Description: As of 2022, 16 percent of respondents stated that their company was already realizing the benefits from investing in cloud security, security awareness training, and endpoint security. However, more than 50 percent of respondents were planning on
implement third-party risk management processes and zero trust strategies in the future. Read more
Note(s): Worldwide; July to August, 2021; 3,602 respondents; Business, technology and security executives
Source(s): PwC
 Information Technology (IT) spending expectation on cybersecurity
worldwide in 2022
IT spending forecast on cyber security worldwide 2022

80%

69%
70%

60%
Share of respondents

50%

40%

29%
30%

20%

10%
2%
0%
2022 spending will increase 2022 spending will stay flat 2022 spending will decrease

9 Description: In 2021, when asked about their organizations' plan to increase spending on cybersecurity in 2022, 69 percent of respondents indicated that their spending will increase. Only two percent of respondents expected their cyber security spending to decrease
in 2022. Read more
Note(s): Worldwide; November 2021
Source(s): ESG
CHAPTER 02

Cyber security in Australia

 Total market size of the cybersecurity industry in Australia from 2019 to
2022 (in million U.S. dollars)
Market size of cybersecurity industry Australia 2019-2022

5,000
4,540
4,500 4,230
4,120
4,000
3,640
Market size in million U.S. dollars

3,500

3,000

2,500

2,000

1,500

1,000

500

0
2019 2020 2021 2022*

11 Description: The total market size of the cybersecurity industry in Australia was estimated to reach over 4.5 billion U.S. dollars in 2022. According to the source, the federal government was the largest end-user market for cyber security sales in the country. Read more
Note(s): Australia; 2019 to 2022; *2022 estimates. Total market size is total local production plus imports, minus exports. Read more
Source(s): International Trade Administration
 Distribution of intended spending over the next two years to simplify
cyber security by organizations in Australia in 2021, by initiative
Share of planned cybersecurity spending by organizations Australia 2021 by initiative

Share of planned cybersecurity spend

0% 2% 4% 6% 8% 10% 12% 14%

Creating an integrated third-party risk management office 10%

Rationalising the supply chain 11%

Restructuring the security team 11%

Creating integrated governance structure for data 12%

Rationalisation of technology 11%

Integrating controls and processes across disciplines (risk, cyber, compliance,

13%
privacy)

Reduction of outdated or end-of-life technology 12%

Adopting a cloud-first technology strategy 11%

Creating integrated resilience playbook (crisis, business continuity, cyber) 10%

12 Description: In a survey conducted amongst executives and corporate directors of organizations in Australia in 2021, over the next two years, organizations planned to allocate around 13 percent of their cyber security spending to integrating controls and processes
across disciplines including risk, cyber, compliance, and privacy. Other planned spending categories included reducing outdated or end-of-life technology, and restructuring their security teams. Read more
Note(s): Australia; July and August 2021; 114 respondents; Respondents were executives (38 CEOs, and 76 corporate directors, CFOs, CISOs, CIOs, and C-Suite officers)
Source(s): PwC Australia
 Share of organizations with fully implemented formal data trust processes
in place in Australia as of October 2021, by data trust practice
Share of organizations with data trust practices in Australia 2021 by practice

Share of respondents
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%

Knowledge of the data inventory, where data comes from, ow data moves through
35%
business processes and systems and how it has been transformed (protection)

Data retention and data elimination policies and schedules (minimisation) 38%

Ability to share data securely with third-parties, business partners, and suppliers,
and to potentially "audit" their compliance to terms (security measures, 39%
disposition, appropriate usage) (protection)
Deployment of processes and technologies that provide encrpytion, tokenization,
39%
redaction/masking technologies across sensitive data enviroments (protection)
An understanding of where personally identifiable information (PII), sensitive data,
intellectual property, and high value data resides throughout the enterprise 32%
(discovery)
Capability and process for valuing data assets and continuously improving data
34%
quality (governance)

A combined strategy for data management, cyber, privacy, record retention

35%
functions and other information governance functions (governance)

13 Description: In a survey conducted amongst executives and corporate directors of organizations in Australia in 2021, just over one third of the organizations had fully implemented formal processes regarding data inventory knowledge, including where data comes
from, how it moves through the business, and how it is transformed. Less than one third of organizations had fully implemented practices regarding personally identifiable information, sensitive data, intellectual property and other high [...] Read more
Note(s): Australia; July and August 2021; 114 respondents; Respondents were executives (38 CEOs, and 76 corporate directors, CFOs, CISOs, CIOs, and C-Suite officers)
Source(s): PwC Australia
 Australian government funding to measures under the cyber security
strategy in Australia in 2020 (in million Australian dollars)
Breakdown of government cyber security strategy funding in Australia 2020

Expenditure in million Australian dollars

0 200 400 600 800 1,000 1,200 1,400 1,600

Cyber Enhanced Situational Awareness and Response (CESAR) 1,350

Strengthening Australia`s counter cybercrime capability 164.9

Grow Australia`s skills 90.2

Support to small and medium enterprises and vulnerable Australians 63.4

Enhance the cyber security of universities 1.6

14 Description: The 2020 Cyber Security Strategy, released by the Australian Government, indicated that a total of 1.35 billion Australian dollars was committed to funding Cyber Enhancement Situational Awareness and Response (CESAR). CESAR is a package designed to
support the Australian Government in the identification of cyber threats, disrupt cyber crime, and build partnerships with industry and government. Read more
Note(s): Australia; 2020
Source(s): Department of Home Affairs (Australia)
 Leading challenges foreseen by organizations in protecting their networks
against cyber threats and attacks in Australia in 2022
Leading network protection challenges foreseen by organizations in Australia 2022

Share of respondents
0% 5% 10% 15% 20% 25% 30% 35% 40%

Monitoring remote worker access 38%

Shortage of IT security skills 32%

Lack of budget 31%

Too many alerts to analyze and respond to 21%

Lack of visibility into cloud access and usage 20%

Lack of visibility into user and device activity on the network 17%

Lack of support from business leaders 14%

Inadequate or outdated firewall protections 12%

Lack of resiliency or preparedness to respond 11%

Too many siloed security tools 11%

Volume of incidents 9%

15 Description: In a survey conducted amongst organizations in Australia in early 2022, around 38 percent of respondents considered monitoring remote worker access would pose a challenge in protecting their network against cyber threats and attacks in the 12
months following the survey. A shortage of IT security skills and a lack of budget were also identified as top challenges by around one third of respondents. Read more
Note(s): Australia; Early 2022; 100 respondents
Source(s): Infoblox; Various sources (CyberRisk Alliance)
 Share of organizations with an understanding of cyber and privacy risks arising
from third parties and suppliers in Australia in 2021, by level of understanding
Organizational understanding of risks arising from third parties Australia 2021

Share of respondents

No understanding Low Moderate High

0% 10% 20% 30% 40% 50% 60%

3%
Data breaches 15%
46%
41%
3%
Privacy violations 18%
50%
33%
1%
Cloud risks 14%
44%
38%
3%
IoT/technology vendors 16%
51%
31%
1%
Software supply chain risks 18%
47%
33%
1%
Nth party risks (i.e. third parties to third parties) 17%
41%
36%

16 Description: In a survey conducted amongst executives and corporate directors of organizations in Australia in 2021, less than 50 percent of the surveyed organizations reported a high level of understanding of the various cyber and privacy risks which may arise from
third parties and supplies. Around three percent of the organizations reported no understanding of risks including data breaches, privacy violations, and IoT/technology vendors. Read more
Note(s): Australia; July and August 2021; 114 respondents; Respondents were executives (38 CEOs, and 76 corporate directors, CFOs, CISOs, CIOs, and C-Suite officers)
Source(s): PwC Australia
CHAPTER 03

Cyber crime in Australia

 Number of cybercrime reports made to the Australian Cyber Security
Centre in Australia in financial year 2020 to 2022
Number of cybercrimes reported to the ACSC in Australia FY 2020-2022

80,000 76,000

70,000 67,500

59,806
60,000
Number of cybercrime reports

50,000

40,000

30,000

20,000

10,000

0
Financial year 2020 Financial year 2021 Financial year 2022

18 Description: The Australian Cyber Security Centre (ACSC) received approximately 76 thousand cybercrime reports in the financial year 2022. The number of reports has increased in comparison to previous years, with approximately 67 thousand cybercrime reports
filed in financial year 2021. Read more
Note(s): Australia; financial year 2020 to financial year 2022
Source(s): Australian Cyber Security Centre
 Distribution of cybercrime incidents reported to the Australian Cyber
Security Centre in Australia in financial year 2022, by type
Share of cybercrime incidents reported to ACSC in Australia FY 2022, by type

30%
26.9%
Share of cybercrime incidents reported

25%

20%

14.4%
15%
12.6% 12.2%

10%
6.12%
4.36% 3.92%
5% 3.01% 2.64% 2.6% 2.58% 2.22% 1.94% 1.79% 1.75%
0.59% 0.37%
0%
t

ce

er
g

t
n

ng
ed
d

t
ng

en

en

ef
in

lin

in

ar
ar
io
au

BE

re

th
an

ki
pi

ar

Th
nk

lly
rt
m

w
w
sm
l
Fr

Th
Se

al

O
op

Sh
m
to

om
al
Bu
st
Ba

ID

St
as

M
Ro
Ex
Sh

ve

ns
ar
e

ag
In

k
in

Ra
H
l

Im
Bu
nl
O

19 Description: In the 2022 financial year, over one quarter of cybercrime incidents reported to the Australian Cyber Security Centre were fraud related. The second highest share of reported threats were shopping related. Read more
Note(s): Australia; financial year 2022; Australia's financial year runs from July 1 to June 30; for example, financial year 2017 starts on July 1, 2016 and ends on June 30, 2017.
Source(s): Australian Cyber Security Centre
 Distribution of cyber security threats reported to the Australian Cyber
Security Centre in Australia in financial year 2022, by affected sector
Share of cyber security incidents reported to ACSC in Australia FY 2022, by sector

Share of cyber threats reported

0% 5% 10% 15% 20% 25% 30%

Government (Commonwealth) 24%

Government (state/territory/local) 10%

Health care and social assistance 9%

Information media and telecommunications 8%

Professional, scientific and technical services 7%

Education and training 7%

Financial and insurance services 4%

Manufacturing 4%

Construction 4%

Electricity, gas, water, and waste services 3%

20 Description: In the 2022 financial year, 24 percent of cyber security threats reported to the Australian Cyber Security Centre were from Commonwealth Government agencies. The second highest share of reported threats were from state and territory and local
government agencies. Read more
Note(s): Australia; financial year 2022
Source(s): Australian Cyber Security Centre
 Distribution of cybercrime incidents reported to the Australian Cyber
Security Centre in Australia in financial year 2022, by jurisdiction
Share of cybercrime incidents reported to ACSC in Australia FY 2022, by state

35%

30% 29%
Share of cybercrime incidents reported

27%

25%
22%

20%

15%
11%
10%
6%
5%
2% 2%
1%
0%
Queensland Victoria New South Wales Western Australia South Australia Tasmania Australian Capital Northern Territory
Territory

21 Description: In the 2022 financial year, 29 percent of cybercrime incidents reported to the Australian Cyber Security Centre were from the state of Queensland. The second highest share of reported threats were from Victoria. Read more
Note(s): Australia; financial year 2022; Australia's financial year runs from July 1 to June 30; for example, financial year 2017 starts on July 1, 2016 and ends on June 30, 2017.
Source(s): Australian Cyber Security Centre
 Average reported financial loss of cybercrime incidents reported to the Australian Cyber
Security Centre in Australia in financial year 2022, by organization size (in Australian dollars)
Average loss of cyber incidents reported to ACSC in Australia FY 2022, by org size

100,000
88,407
90,000
Average reported loss in Australian dollars

80,000

70,000
62,233
60,000

50,000
39,555
40,000

30,000

20,000

10,000

0
Small business Medium business Large organisation

22 Description: In the 2022 financial year, the average financial loss of cybercrime incidents reported to the Australian Cyber Security Centre by medium sized businesses was over 88 thousand Australian dollars. Small businesses reported the lowest average financial
loss. Read more
Note(s): Australia; financial year 2022; Australia's financial year runs from July 1 to June 30; for example, financial year 2017 starts on July 1, 2016 and ends on June 30, 2017.; * Report averages only those cybercrime reports where financial loss [...] Read more
Source(s): Australian Cyber Security Centre
 Cyber attack types organizations were most likely to fall victim to in
Australia as of 2022
Cyber attack types organizations were most likely to fall victim to Australia 2022

70%
63%

60%
55%

50%
Share of respondents

39%
40%

30%

20%

10%

0%
Phishing Ransomware Advanced Persistent Threat (APT)

23 Description: In a survey conducted amongst organizations in Australia in early 2022, around 63 percent of respondents reported falling victim to phishing attacks. Over 50 percent of respondents had also fallen victim to ransomware attacks. Read more
Note(s): Australia; Early 2022; 100 respondents
Source(s): Infoblox; Various sources (CyberRisk Alliance)
CHAPTER 04

Ransomware and malware

 Number of reported ransomware and malware attacks in Australia in 2022,
by month
Reported ransomware and malware attacks in Australia 2022, by month

600

500 487
Number of reported attacks

400

294
300
235

187 190
200
141 135
111
100

0
January February March April May June July August

25 Description: In January of 2022, over 487 reports of malware and ransomware attacks were made to the Australian Competition and Consumer Commission. Although the number of reports made in June was lower than in January, the amount lost was highest that
month, with over 115 thousand Australian dollars reportedly lost to malware and ransomware attacks in June. Read more
Note(s): Australia; August 2022
Source(s): ACCC
 Number of reported ransomware and malware attacks in Australia in 2022,
by age group
Number of reported ransomware and malware attacks in Australia 2022, by age

500

450 434

400

350
Number of reports

300 288

250

200 186 184

150 129

100 81

50 26

0
Under 18 18 to 24 25 to 34 35 to 44 45 to 54 55 to 64 Over 65

26 Description: In 2022 in Australia, around 434 reports of ransomware and malware attacks were made by people aged 65 and over to the Australian Competition and Consumer Commission, resulting in close to 55 thousand Australian dollars in money lost. Those aged
under 18 reported the least number of attacks. Read more
Note(s): Australia; August 2022
Source(s): ACCC
 Number of reported ransomware and malware attacks in Australia in 2022,
by location
Number of ransomware and malware attacks in Australia 2022, by location

600

514
500

424

400 367
Number of reports

300

200 181
169

100
53 46
13 13
0
NSW VIC QLD WA SA ACT TAS NT Overseas

27 Description: In 2022 in Australia, over 500 reports of ransomware and malware attacks were made to the Australian Competition and Consumer Commission by people in New South Wales, resulting in close to 47 thousand Australian dollars in money lost. In Victoria,
over 120 thousand Australian dollars were reportedly lost to malware and ransomware attacks. Read more
Note(s): Australia; August 2022
Source(s): ACCC
 Delivery method of reported malware and ransomware attacks in Australia in
2022, by numbers of reports and amount lost (in thousand Australian dollars)
Delivery of ransomware attacks in Australia 2022, by number and amount lost

Amount lost in thousand Australian dollars Number of reports

120,000 900
Amount lost in thousand Australian dollars

102077 800
100,000 763
91232 727
700

80,000 600

Number of reports
500
60,000
50920
400

40,000 300
27980
19001 200
20,000 153 12342
100
74
25 24 0 0 0
0 4 5 4 0
Social Text message Internet Phone Email Mobile In person Mail Not applicable
networking Applications

28 Description: In 2022 in Australia, 25 reports of malware and ransomware attacks via a social network were made to the Australian Competition and Consumer Commission, resulting in reported losses of over 100 thousand Australian dollars. Reports made about text
message malware and ransomware attacks were the most common. Read more
Note(s): Australia; August 2022
Source(s): ACCC
CHAPTER 05

Scams
 Number of reported scams in Australia in 2022, by category
Number of scam reports in Australia 2022, by category

Number of scam reports

0 10,000 20,000 30,000 40,000 50,000 60,000 70,000 80,000

Phishing 74,573

Other scams 28,203

False billing 27,488

Online shopping scams 17,886

Identity theft 16,212

Remote access scams 11,792

Hacking 11,772

Classified scams 10,649

Investment scams 9,361

Rebate scams 4,475

Dating and romance scams 3,698

Jobs and employment scams 3,383

Inheritance and unexpected money 3,186

Threats to life, arrest or other 3,036

Overpayment scams 2,981

30 Description: Phishing was the most prevalent form of scam in Australia in 2022, with over 74.5 thousand incidents reported. There were also around 27.5 thousand reports of false billing. Read more
Note(s): Australia; 2022
Source(s): ACCC
 Reported financial loss from scams in Australia in 2022, by leading
category (in million Australian dollars)
Reported loss from scams in Australia 2022 by leading category

Reported loss in million Australian dollars

0 50 100 150 200 250 300 350 400

Investment scams 377.25

Dating and romance scams 40.58

False billing 24.83

Phishing 24.62

Remote access scams 21.76

Threats to life, arrest or other 13.93

Identity theft 10.74

Jobs and employment scams 9.7

Online shopping scams 9.26

Classified scams 8.47

31 Description: In Australia in 2022, investment scams created total losses of over 377 million Australian dollars for victims. Around 40 million Australian dollars worth of losses caused by dating and romance scams were incurred that year. Read more
Note(s): Australia; 2022
Source(s): ACCC
 Reported financial loss from scams in Australia in 2022, by payment
method (in million Australian dollars)
Reported loss from scams in Australia 2022, by payment method

Reported loss in million Australian dollars

0 50 100 150 200 250

Cryptocurrency* 221.3

Bank transfer 210.4

Credit card 12.1

32 Description: In Australia, losses from scams totaling around 221 million Australian dollars were reported as being paid with cryptocurrency in 2022. Payments made via bank transactions exceeded 210 million Australian dollars that year. Read more
Note(s): Australia; 2022; *Removing significant loss outliers, cryptocurrency losses increased 90.2 percent to 160.6 million Australian dollars. Read more
Source(s): ACCC
 Money loss from online shopping scams reported in Australia from 2015
to 2022 (in million Australian dollars)
Online shopping scam loss in Australia 2015-2022

9
8.07
8
7.38
Scam loss in million Australian dollars

7 6.61

4.85
5

4
3.28
3

2
1.46 1.38
1.28
1

0
2015 2016 2017 2018 2019 2020 2021 2022*

33 Description: As of September 2022, around 6.61 million Australian dollars had been lost in online shopping scams in Australia. In 2021, over eight million Australian dollars had been reported as being lost through online shopping scams. Read more
Note(s): Australia; 2015 to 2022; *As of September 2022. Date used is date of access. Values have been rounded. Read more
Source(s): ACCC
 Number of reported scam attempts to gain personal information in
Australia in 2022, by age group
Number of scam attempts to gain personal info in Australia 2022, by age

18,000
16,091
16,000

14,000

12,000
Number of reports

9,643
10,000 9,007 9,011

8,000 6,989

6,000

4,000
2,249
2,000
325
0
Under 18 18 to 24 25 to 34 35 to 44 45 to 54 55 to 64 Over 65

34 Description: In 2022 in Australia, over 16 thousand reports of scam attempts to gain personal information were made by people aged 65 and over to the Australian Competition and Consumer Commission, resulting in close to 15 million Australian dollars in money
lost. The number of reports increased with age. Read more
Note(s): Australia; August 2022; Attempts to gain personal information includes: hacking, identity theft, phishing, and remote access scams.
Source(s): ACCC
 Delivery method of reported scam attempts to gain personal information in Australia in
2022, by numbers of reports and amount lost (in million Australian dollars)
Delivery of attempts to gain personal info Australia 2022, by number and amount lost

Amount lost in million Australian dollars Number of reports

20 35000

18 17.46
Amount lost in million Australian dollars

30000
16 28594

14 24921 25000

Number of reports
12
20000
10
15000
8
12109
6 5.06 5.05 4.72 10000
3.55
4
5000
2 0.81 0.8
1618 1933 0.29 0.06
1375
0 276 364 368 0
Phone Internet Text message Email Mobile Social In person Mail Not applicable
applications networking

35 Description: In 2022 in Australia, over 28 thousand reports of scam attempts to gain personal information via text message were made to the Australian Competition and Consumer Commission, resulting in reported losses of over 5 million Australian dollars. Reports
made about scam attempts to gain personal information via phone led to the most financial losses, at a value of over 17 million Australian dollars. Read more
Note(s): Australia; August 2022; Includes hacking, identity theft, phishing, and remote access scams.
Source(s): ACCC
CHAPTER 06

Consumer sentiment
 Online privacy awareness and concern in Australia from 2018 to 2021
Online privacy awareness and concern in Australia 2018-2021

2018 2019 2020 2021

60%
54%

50% 47%
44% 44%
39%
Share of respondents

40%

31% 30% 30%

30%
23%
20%
20%
15%
12%
10%

2% 2% 2% 3%

0%
Very concerned Fairly concerned Not very concerned Not at all concerned

37 Description: According to a survey conducted in 2021 in Australia about digital consumer trends, 30 percent of respondents were very concerned about how companies they interacted with online used their personal data. The share of respondents who were very
concerned has decreased since 2018. Read more
Note(s): Australia; July 2021; 2000 respondents; 18-75 years; respondents who think companies use or share their personal data
Source(s): Deloitte
 Share of Australian adults who believe the companies they interact with
online use their personal data in 2021
Share of adults who believe companies use their online personal data Australia 2021

90% 85%

80%

70%

60%
Share of respondents

50%

40%

30%

20%
11%
10%
4%

0%
Yes No I don't know

38 Description: According to a survey conducted in 2021 in Australia about digital consumer trends, around 85 percent of respondents were believed that companies they interacted with online used their personal data. Less than 5 percent of respondents believed
companies did not use their data. Read more
Note(s): Australia; July 2021; 2000 respondents; 18-75 years; respondents who have a phone or smartphone
Source(s): Deloitte
 Share of Australian adults who always refuse app permissions in 2021, by
age group
Share of adults who always refuse app permissions Australia 2021 by age group

50%
47%

45%

39%
40%

35%
Share of respondents

29%
30%

25%
20%
20%
16% 16%
15%

10%

5%

0%
18-24 25-34 35-44 45-54 55-64 65-75

39 Description: According to a survey conducted in 2021 in Australia about digital consumer trends, almost 50 percent of respondents aged 65 to 75 reported always refusing app permissions. The likelihood of always refusing app permissions increased with the age
groups. Read more
Note(s): Australia; July 2021; 2000 respondents; 18-75 years; respondents who have a phone or smartphone
Source(s): Deloitte
 Industries considered to be the least cyber secure by Australian adults in
2022
Industries considered to be the least cyber secure by Australian adults 2022

50%

44%
45%

39%
40%

35%
Share of respondents

30%
26%
25%

20%

15%

10%

5%

0%
Finance Government Retail

40 Description: In a survey conducted amongst Australian adults in 2022, 44 percent of respondents indicated that they consider the finance industry to be the least secure industry for cyber related incidents. Government was also considered to be one of the least cyber-
secure industries by respondents. Read more
Note(s): Australia; January 2022; 1004 respondents; 18 years and older
Source(s): Atomik Research ; PCI Pal
 Share of Australian adults who would stop spending money with a brand
following a reported hack or data breach in 2022
Share of adults who stop spending at a brand following a data breach Australia 2022

Share of respondents
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%

Would never spend money with that brand again 40%

Would remove their custom for a few months 27%

Would avoid spending with the brand for at least a few weeks 11%

Would continue spending but worry it could happen again 17%

41 Description: In a survey conducted amongst Australian adults in 2022, over three quarters of respondents indicated that they would either pause or completely stop spending with a brand or organization following a reported hack or data breach. Less than one-fifth of
respondents would continue spending directly following a reported hack or breach. Read more
Note(s): Australia; January 2022; 1004 respondents; 18 years and older
Source(s): Atomik Research ; PCI Pal
CHAPTER 07

Spotlight: cyber security and

the global remote workforce
 Most important challenges in keeping the remote workforce secure
worldwide in 2021
Global challenges in keeping the remote workforce secure 2021

35%
31%
30%
30% 29% 29%
27%

25%
Share of respondents

20%

15%

10%

5%

0%
Rapid deployment of new Lack of security awareness Keeping up with the new Concern over physical security Strain on help desk teams
collaboration tools like video among remote workforce threats and tactics with so many distributed form an influx of remote work
conferencing assets complications

43 Description: The most important challenge in keeping remote workforce secure in 2021 was the the rapid deployment of new collaboration tools, such as video conferencing. At the same time, one third of respondents considered the lack of security awareness among
remote workforce to be a challenge in 2021. Read more
Note(s): Worldwide; May to June, 2021; 4,753 respondents
Source(s): ISC2
 Most used products and services to ensure online security on devices in
selected countries in 2021, by type of license
Products end services used to ensure online security on devices 2021, by license

Share of respondents

Paid Free

0% 5% 10% 15% 20% 25% 30% 35% 40% 45%

29%
Antivirus
41%
16%
Private browser
39%
17%
Ad blocker
37%
17%
Password manager
33%
20%
VPN
26%
18%
Privacy software, app or service, not VPN
26%
18%
Anti-tracker
27%
18%
Virtual card for payments
26%

44 Description: The most used product to ensure online security on consumer electronic devices in 2021 was an antivirus, with nearly one third of respondents having a paid license. At the same time, 20 percent of respondents paid for a virtual private network (VPN),
while another 26 percent accessed a free version. Read more
Note(s): Australia, Denmark, France, Germany, Italy, Netherlands, Romania, Spain, Sweden, United Kingdom, United States; June 2021; 10,124 respondents; 18-65 years; Internet users
Source(s): BitDefender
 Main technologies used by companies worldwide to enable employees to
securely work from home in 2022
Technologies used to enable secure work from home worldwide 2022

Share of respondents
0% 10% 20% 30% 40% 50% 60%

Anti-virus / endpoint security software 51.9%

Virtual private network (VPN) 49.7%

Software-defined wide area network (SD-WAN) 43.5%

Network access control (NAC) 42.8%

Mobile device/application management (MDM/MAM) 40.5%

Secure access service edge (SASE) 39.5%

Zero trust network access (ZTNA) 34.5%

45 Description: The most important technology used by companies worldwide to enable employees to securely work from home in 2022 was an anti-virus or endpoint security software. Moreover, nearly 50 percent of respondents used a virtual private network (VPN),
wile 34.5 were already benefiting from a zero trust network access (ZTNA). Read more
Note(s): Worldwide; November 2021; 1,200 respondents; Respondents who have an IT security job role
Source(s): CyberEdge; ISC2
 Percentage of CISOs saying their business has seen more targeted attacks
since enabling widespread remote working worldwide in 2022, by country
CISOs that say more cyberattacks have occurred with remote working 2022, by country

Share of respondents
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Global Average 51%

Canada 87%

Australia 66%

France 61%

United Kingdom 56%

Germany 55%

Sweden 51%

United States 50%

Japan 50%

Netherlands 49%

Singapore 44%

Spain 43%

Italy 37%

United Arab Emirates 32%

Saudi Arabia 29%

46 Description: Chief Information Security Officers (CISOs) in the Canada, Australia and France overwhelmingly suggested that their business had seen more targeted cyberattacks since enabling widespread remote working as of 2022. By contrast, countries such as Italy,
United Arab Emirates, and Saudi Arabia have a more positive outlook on remote work compared to the global average of 51 percent. Read more
Note(s): Worldwide; 2022; 1,400 respondents; Chief Information Security Officers (CISOs) from organizations with more than 200 employees
Source(s): Courthouse News Service; Proofpoint
 Corporate data accessed by remotely working employees worldwide in
2021, by category
Corporate data accessed when working remotely worldwide 2021

Share of respondents
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%

Customer data 43%

Operational data 43%

Financial records 23%

Human resources 23%

Billing information 22%

Sales and marketing data 21%

Expense tracking 20%

Payroll 17%

Inventory 16%

Forecast data 14%

Trade secrets, roadmaps, and company plans 13%

Copyright/patent information 8%

47 Description: In 2021, 41 percent of remotely working employees globally stated accessing customer data. Other common types of data accessed while working remotely included operational data, financial records, and data pertaining to human resources. This
created IT security issues, as distributed workers were not protected by the corporate firewall. Read more
Note(s): Worldwide; March 17 -25, 2021; 8,443 respondents; Adults
Source(s): HP Inc.; YouGov
 Sources

ACCC Various sources

Atomik Research Various sources (CyberRisk Alliance)
Australian Cyber Security Centre YouGov
BitDefender
Canalys
CompTIA
Courthouse News Service
CyberEdge
Deloitte
Department of Home Affairs (Australia)
ESG
GlobeNewswire
HP Inc.
IBM
Infoblox
International Trade Administration
ISC2
PCI Pal
Proofpoint
PwC
PwC Australia
Research and Markets

48