ACSC annual cyber threat report released

Release details

Release type

Related ministers and contacts

The Hon Andrew Hastie MP

Assistant Minister for Defence

Media contacts

Ella Kenny (Minster Hastie’s Office): +61 437 702 111

ASD Media:

Release content

15 September 2021

Today the Assistant Minister for Defence released the second ACSC Annual Cyber Threat Report: July 2020 to June 2021 in Perth.

The ACSC Annual Cyber Threat Report details the key cyber threats Australians face, and provides critical advice on how to protect yourself online, jointly compiled by the Australian Cyber Security Centre (ACSC), the Australian Federal Police and the Australian Criminal Intelligence Commission.

As Australians in record numbers worked remotely in response to the coronavirus pandemic, the ACSC received over 67,500 cybercrime reports over the last financial year - or one every eight minutes. This is an increase of nearly 13 per cent from the previous year.

Malicious cyber actors have pivoted to exploit the COVID-19 pandemic and are actively targeting vulnerable Australians and health services to conduct espionage, and steal money and sensitive data.

Ransomware-related cybercrime reports increased nearly 15 per cent from the previous financial year, and ransomware remains one of the most serious cyber threats due to its financial and disruptive impacts.

The Assistant Minister for Defence, The Hon Andrew Hastie MP, said that cyber is the new battleground, and it is a team effort and a shared responsibility to lift the nation’s cyber defences by implementing cyber security measures.

“The Morrison Government’s first priority is to keep Australians safe both in the physical world and online,” Assistant Minister Hastie said.

“Malicious cyber criminals are escalating their attacks on Australians. We need all Australians to be vigilant by taking simple cyber security steps including using strong passphrases, enabling two-factor authentication, updating software and devices and maintaining regular data backups, as well as being on guard against malicious emails and texts.”

“Approximately one-quarter of reported cyber security incidents affected critical infrastructure organisations, including essential services that all Australians require, such as education, communications, electricity, water, and transport.”

“The health sector reported the second highest number of ransomware incidents, right at a time when Australians are most reliant on our health workers to help us respond and recover through the pandemic.”

“The Government is taking action, we have introduced legislations to ensure that in the event of a large-scale cyber attack on our critical infrastructure, our cyber and law enforcement agencies are empowered to provide greater and more immediate support to the victims. While our agencies will continue undertake cyber offensive operations against those who would seek to do us harm.”

During the 12-month period from July 2020 to June 2021, the ACSC received over 1,500 cybercrime reports that related to the COVID-19 pandemic, and removed more than 110 malicious COVID-19 themed websites, with assistance from Telstra and Services Australia.

“Through effective reporting and partnerships with foreign and domestic agencies, the ACSC was able to provide advice and assistance for over 1,630 cyber security incidents, and run 18 cyber security exercises involving over 50 organisations to strengthen Australia’s cyber resilience,” Assistant Minister Hastie said.

“I encourage every Australian business, organisation and family to report cybercrime through ReportCyber and subscribe to the ACSC’s alert service to receive free vital advice - or even better - become a Partner of the ACSC.

The ACSC Annual Cyber Threat Report is available at

The ACSC regularly posts cyber advice and step-by-step guides tailored for all Australians and Australian businesses and organisations, available through

The ACSC is contactable 24/7 via email ( or by calling the Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371).


Quick facts for the 2020-21 financial year:

  • The ACSC received over 22,000 calls on the Cyber Security Hotline – an increase of over 310% from the previous financial year.
  • The ACSC issued 39 alerts and advisories to help combat urgent and critical threats, which were viewed over 7.8 million times.
  • The ACSC removed from the internet over 7,700 websites hosting cybercrime activity.
  • Business email compromise was one of the top five cybercrime categories, responsible for over 4,600 reports to ReportCyber, nearly 7 per cent of total cybercrime reports received. The average reported loss from business email compromise was around $50,600, up 54 per cent from the previous financial year
  • Cybercrime reported through ReportCyber cost on average:
    • Small business – almost $9,000
    • Medium business – over $33,000
    • Large organisation – over $19,000
  • Commonwealth, state, territory, and local government accounted for around 35 per cent of cyber security incidents.
  • Category 4 ‘substantial incidents’ accounted for 49% of the total number of incidents, broadly indicating that the cyber security incidents received by the ACSC increased in impact and severity from the previous financial year.

Other related releases