The Australian Signals Directorate’s 2024–25 Annual Cyber Threat Report lays bare the realities of Australia’s threat landscape. Ransomware remains rampant, AI is transforming attack capabilities, and basic defences are still letting organisations down.
After three decades working in cyber security, I’ve learned that these reports aren’t just about numbers – they’re roadmaps for how we adapt. Here are my four key insights from this year’s report, and what I believe Australian organisations need to take away from it.
1. The lines between nation states and criminals are blurring
It’s pretty clear now that the boundary between state-sponsored and criminal cyber threat actors is blurring.
Today’s attackers are using the same collection of tactics, techniques, and tools, whether their motive is espionage, extortion, or disruption.
This kind of convergence on the threat actor side demands a new approach to defence, with threat intelligence and incident response sitting at the heart of every cyber strategy.
I’ve been saying for a while now that the distinction between espionage and extortion is fast disappearing – and this year’s threat report proves it.
Whether an actor is working on behalf of a nation state or an organised criminal group, the tactics are often identical.
They exploit the same vulnerabilities, use the same attack frameworks, and even share infrastructure.
That means defenders can no longer rely on classifying an attack by its motive. We need to detect and respond based on behaviour.
Threat intelligence and incident response must sit at the centre of every cyber strategy, not on the periphery.
If you can’t see what’s happening in your network – and act on it fast – you’re already on the back foot.
2. Cyber hygiene remains the strongest line of defence
Strong intercept-resistant multi-factor authentication, unique passwords, tested backups, and timely patching are critical.
The fundamentals haven’t changed – the advice provided on how to shore up defences is still industry best practice.
The ACSC’s data shows again that these basic cyber hygiene measures prevent most incidents – yet too many organisations are still woefully exposed.
That’s the frustrating part. Every year the ACSC reminds us that basic hygiene stops most attacks, and every year we see organisations skip them.
Multi-factor authentication, password management, patching, and regular, tested backups aren’t exciting topics, but they are the bedrock of resilience.
I often see organisations investing heavily in shiny new tools while leaving these gaps wide open.
Until every business treats cyber hygiene like workplace safety – routine, monitored, and non-negotiable – we’ll keep seeing the same preventable incidents.
3. AI is transforming both attack and defence
AI-based tools are increasingly dominating threat actors’ toolkits, especially in the arsenals of the most sophisticated actors.
Malicious actors, even the small-time criminal ones, are using AI to automate phishing, analyse stolen data, and orchestrate denial-of-service campaigns.
You no longer need to be a technical genius to launch a sophisticated attack; AI does the heavy lifting.
We need to be investing research and time into defending against these AI-driven threats, which requires equally adaptive, intelligent security controls.
To stay ahead, we need to be just as adaptive. AI should be part of our defence strategy – analysing patterns, detecting anomalies, and automating responses faster than humans ever could.
But it must be deployed responsibly, with governance and ethics front of mind.
AI will make us safer, but only if we remain in control of how it’s used.
4. Ransomware still tops the list of costly and disruptive threats
Ransomware is still the most disruptive and costly cyber threat facing Australian organisations.
The average cost to large businesses has jumped by 219%. That’s a huge cost.
But often we forget that the risk equation isn’t just about dollars – it includes the erosion of customer trust and operational continuity.
We’re now seeing ransomware gangs shift their focus toward operational technology systems, which makes this more than a corporate risk – it’s a national one.
Building resilience at scale means embedding recovery and continuity planning at every level: technical, operational, and executive.
It’s not enough to recover your data; you must be able to recover your confidence and your customers’ trust, too.
The bottom line
Cyber security today isn’t about building higher walls – it’s about building stronger systems that can adapt, respond, and recover.
We can’t control the sophistication of threat actors, but we can control how ready we are for them.
The 2025 report adds to the cacophony of alarm bells that have long been ringing. But it’s also a reminder that resilience is within reach – if we treat it as a shared responsibility across every organisation, every industry, and every Australian.
About Tony Campbell
Tony Campbell / Enterprise Security Service Line Manager
Tony Campbell has over two decades of experience in technology and security. He has led enterprise-scale projects, authored technical books, and served as a technical editor for Apress Inc. A co-founder of Digital Forensics Magazine, Tony also developed security training for Infosec Skills. At Kinetic IT, he leads cyber consulting and advisory services.