The Australian Cyber Security Centre (ACSC) has published its Annual Cyber Threat Report for the period from July 2021 to June 2022.

Although it does not include the Optus and Medibank Private cyber attacks in September and October 2022, the report is comprehensive in its analysis of cybercrime, ransomware and attacks on critical infrastructure.

The report observes that in 2021–22, cybercrimes directed at individuals, such as online banking and shopping compromise, remained among the most common, while Business Email Compromise (BEC) trended towards targeting high-value transactions like property settlements.

The report recommends defences for individuals and organisations as well as a ransomware action plan.

Data security is a fundamental obligation of businesses that receive customers’ personal information, especially sensitive health information. They must know what personal information they hold, where it is held and who has access.

A data breach response plan requires information technology security experts to investigate the cause and close the breach.

Management must have prompt, honest communication with at-risk customers, affected third parties, regulators and police.

There are potentially serious financial and reputation consequences for organisations that lose dissatisfied customers while the board and management investigate the cyber attack, explain the failure to secure and defend customer data and restore the business to normal.

For public companies, there is also the risk of investor class actions as a result of shares losing value while the market factors in customer remediation costs, possible ransom payments and regulatory penalties.

If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.