Armis has warned Australian organisations to strengthen proactive cybersecurity operations, citing a rise in cyberwarfare activity targeting local businesses. Survey data put Australia at the top of reported cyberwarfare volumes among the countries studied.
In its latest global cyberwarfare report, 72% of Australian respondents said they had reported an act of cyberwarfare to authorities, up from 56% a year earlier-the highest share in the survey.
The report also highlights growing concern about artificial intelligence in nation-state cyber operations. It found 81% of Australian IT decision-makers worry nation-state actors could use AI to develop more sophisticated, targeted attacks.
“Geopolitical tensions, AI acceleration, and unresolved security gaps are colliding, bringing the state of cyberwarfare to a boiling point,” said Armis CTO and co-founder Nadir Izrael.
“Cyberwarfare is now a constant condition; attackers are operating at machine speed, while too many organisations are still trying to defend themselves with assumptions and structures built for a very different threat landscape. Organisational leaders must heed the call and immediately enhance their proactive cybersecurity operations before it’s too late.”
Rising concerns
Australian responses show elevated anxiety about escalation and spillover effects on essential services. The survey found 84% of Australian IT decision-makers believe nation-state cyber capabilities could trigger a full-scale cyberwar that cripples critical infrastructure worldwide.
Nearly three quarters (73%) said the convergence of AI, quantum, and other emerging technologies would expand cyber-conflict capabilities in an unprecedented way. Another 77% said generative AI is shifting the geopolitical balance by enabling smaller nations to become near-peer cyber threats.
The survey also points to persistent exposure after incidents. It found 73% of Australian respondents said their organisation experienced one or two cybersecurity breaches, while 59% said their ecosystem still had not been adequately secured following an attack.
Incident response also remains heavily reactive. The report found 45% of Australian businesses said they respond reactively to a significant cyberattack, either as it happens or after it has already occurred.
Readiness gap
Despite heightened reporting and concern, the survey suggests a disconnect over the likelihood of being targeted. It found 62% of Australia-based respondents believe nation-states would never target their organisation.
The same share (62%) said their organisation had delayed, stalled, or stopped digital transformation projects because of cyberwarfare threats. Armis framed this as a drag on innovation and operational change, particularly in sectors with complex supply chains and technology estates.
Supply chain and unmanaged assets remain a major focus for attackers. Some 86% of Australian IT professionals said cyberwarfare threats increasingly target unmanaged or supply-chain assets that traditional security tools do not detect.
Confidence in deterrence sits alongside ongoing investment in preparation. Australian respondents were the most likely among surveyed countries (73%) to say “Mutually Assured Disruption” still works as a deterrent because nations share vulnerability. At the same time, 84% said their organisation has evolved its cyberwarfare readiness posture over the past three years to strengthen defences against nation-states.
“As a nation, Australia remains critically under-prepared for the escalating cyber threats we currently face, exacerbating the vulnerability of our digital and economic landscape,” said Zak Menegazzi, cybersecurity specialist, ANZ, Armis.
“Traditional security approaches that are reactive, fragmented, and blind to the full attack surface are obsolete. Organisations must urgently prioritise proactive measures to build resilience against the threat of AI-powered cyberwarfare,” Menegazzi said.
AI and ransomware
Australian respondents also reported high exposure to AI-related threats over the past year. The survey found 70% said their organisation had been impacted by an AI-generated or AI-led attack in the past 12 months-the highest share among countries surveyed.
Concern about organisational impact was widespread, with 95% of Australian IT decision-makers saying they are concerned about the effects of cyberwarfare on their organisation.
Ransomware costs also featured prominently, with budget pressure cited as a particular issue. Two thirds of Australian respondents (66%) said their organisation’s average ransomware payout exceeds its annual cybersecurity budget. The report put the average ransomware payment in Australia in 2025 at USD $15,390,000, up from USD $8,610,059 a year earlier.
Despite these risks, Australian IT decision-makers expressed comparatively strong faith in public-sector defence. The survey found 70% have confidence in their government to defend citizens and enterprises against an act of cyberwarfare.
The research is based on a study of more than 1,900 IT decision-makers globally, including 200 respondents from Australia, alongside Armis Labs data. Armis said the report includes regional and industry breakdowns and will be used as a benchmark for tracking cyberwarfare trends and preparedness in the year ahead.
