Close this search box.

ACSC’s 2021-2022 Cyber Threat Report: Key Takeaways


The Australian Cyber Security Centre (ACSC) released their third Annual Cyber Threat Report on Friday, November 4th. The report highlights the cyber threats facing Australia from July 2021 to June 2022, the ACSC’s response, and tips on how consumers and businesses can protect themselves online.

Five key cyber trends are described by the ACSC for the financial year 2021-22: 

  1. Cyberspace has become a battleground
  2. Australia’s prosperity is attractive to cybercriminals
  3. Ransomware remains the most destructive cybercrime
  4. Worldwide, critical infrastructure networks are increasingly targeted
  5. The rapid exploitation of critical public vulnerabilities became the norm

Frequency of cybercrime reports

More than 76,000 reports of cybercrime were received by the ACSC. Reports were submitted on average every seven minutes, up 13% from the previous year.

Cybercrime by type

Cybercrime reports were dominated by the following crimes:

  • Online fraud: approximately 27 per cent
  • Online shopping: approximately 14 per cent
  • Online banking: approximately 13 per cent.
Cybercrime reports by type for financial year 2021-22
Source: ACSC

Medium sized businesses hit the hardest

There was an average increase of 14% in the cost of cybercrime. A cybercrime incident costs a small business on average $39,000, a medium business $88,000, and a large business over $62,000. 

Cybercrime reports and average reported loss by organisation size for financial year 2021–22
Source: ACSC

ACSC hones in on BEC

The process of business email compromise (BEC) involves an attacker targeting a company and scamming them out of money or goods. A BEC can also lead to payment diversion fraud, when hackers impersonate others to create or amend invoices or direct payments to bank accounts owned by them.

In Australia, BEC is a growing problem that impacts businesses across all industries. BEC scams have led to billions of dollars in potential losses for organisations. Despite the efforts of law enforcement agencies, only a small portion of BEC financial losses is ever recovered.

Breakdown of successful BEC reports by jurisdiction for financial year 2021-22
Source: ACSC

Some key points on BECs in Australia are:

  • Nationally, successful BECs resulted in an average loss of over $64,000
  • Queensland had the most BEC reports (389 reports)
  • Western Australia reported the highest self-reported financial losses, with an average of $112,000 per report
  • Property settlements are being heavily targeted by BEC schemes

MFA’s role in protection against BECs

A multi-factor authentication (MFA) system is the most effective protection against theft of credentials by threat actors. MFA can help mitigate BEC attacks in addition to credentials-based attacks and slow lateral movement for threat actors if they gain access to a network. In light of the possibility of payment diversion fraud arising from BEC schemes, finance departments should be on high alert.

The evolution of cybercrime-as-a-service

With the growth of the Dark Web, cybercriminals are now able to sell pre-packaged exploit kits, customised malware, and even the software and computing power needed to launch ready-made ransomware attacks.

In the age of cybercrime-as-a-service, several barriers to entry have been removed, making it possible for people with little technical skills to conduct a greater volume of malicious activities than ever before.

Defending against the new age of cybercrime

The most important step organisations can take to protect themselves against cyber-attacks is to follow basic IT hygiene and cybersecurity best practices. This includes

  • Keeping track of what you have is essential. Protecting hardware and software requires an accurate inventory.
  • Provide employees with Security Awareness Training.
  • Update your systems and applications right away. One of the biggest threats to a business’s security is an unpatched system.
  • Assess the security posture of your organisation on a regular basis with Penetration Testing.
  • Establish a Cyber Security Strategy that assesses your company’s current state and defenses, and identifies where you need to be in order to proactively detect and prevent threats.
Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →