Australians continue to ignore basic safety measures, a cybercrime survey has found. Photo: Shutterstock
More than 47 per cent of Australians fell victim to cybercrime in a 2024 survey which showed respondents were stagnating on passwords and falling behind on safety measures.
The Australian Institute of Criminology’s (AIC) Cybercrime in Australia 2024 report saw 10,335 Australians surveyed for cybercrime victimisation across four categories: online abuse and harassment; malware; identity crime and misuse; and fraud and scams.
Conducted between 11 July and 29 August 2024, the survey found rates of victimisation remained high compared to 2023, formal “help-seeking” remained low, and a large proportion of victims were “negatively impacted by cybercrime”.
“[Cybercrime] has evolved into a pervasive and widespread threat to Australia’s government, industries and community,” read the report.
Nearly 22 per cent of respondents had been a victim of identity crime and misuse in the 12 months prior to the survey, while an approximate fifth fell victim to malware.
The report conceded malware victimisation was difficult to measure given it “is not always possible for a non-expert to distinguish the work of a malicious actor from other causes”, though five per cent of malware victims received ransomware messages which explicitly demanded payment.
Nearly 10 per cent of respondents fell victim to fraud and scams – most commonly related to buying and/or selling products and services online – and nearly a third of those said their incidents began with a phishing message.
The most common experienced cybercrime was “online abuse and harassment”, impacting 26.8 per cent of respondents.
Nearly half of these victims said the abuse or harassment “involved a stranger online”, while 15 per cent were domestic or family violence related.
Minister for Cybersecurity Tony Burke said the survey would help ensure the government’s response is “evidence-based, targeted, and effective.”
“Remember these three simple steps to stay safe online – always install the latest software updates, use unique passphrases, and enable multi-factor authentication wherever it’s available,” Burke said.
Australians lax on cyber-hygiene
Despite a slight decrease in victimisation across all categories other than identity crime, a number of basic security measures were glaringly lacking in survey responses.
Only half of respondents used different passwords for secure online accounts such as banking, only a quarter regularly changed passwords, and approximately 42 per cent failed to use multifactor authentication for personal accounts.
Though there was a marginal uptick in password manager adoption, under two fifths of respondents installed antivirus software, used firewalls, or regularly followed security update notifications when prompted.
As for SMS and email safety, roughly one third of respondents did not avoid clicking links or attachments when they were unsure who the sender was – while a quarter said their information had been exposed in a data breach in 2024.
Jacqueline Jayne, cybersecurity expert at security company SoSafe, told Information Age cybercrime has been on a “steady increase over the last 10 years” and that the introduction of AI tools had only made worse.
“In my opinion, a lot of this comes down to ‘you don’t know what you don’t know’ or an incorrect assumption that someone else will fix it,” she said.
“As a nation, we are not addressing the core issue which is to create the ‘slip-slop-slap’ of cyber, where every Australian digital citizen has not only implemented the cyber hygiene basics, they also know why they are doing it.”
Measuring the ‘dark figure’
The report further highlighted a “dark figure” of unreported cybercrime that does not appear in official statistics.
In each of the four categories of cybercrime, less than 13 per cent of victims made official reports to police or the Australian Signals Directorate’s (ASD) reporting platform ReportCyber – meaning the “true number” of incidents involving unique victims was, at least, between 8 and 10.5 times higher than the number captured by ReportCyber.
Notably, the ASD received over 87,000 cybercrime reports in the 2023-24 financial year.
“The large number of incidents captured by official reports is a significant underestimate of the true scale of cybercrime impacting online Australian,” read the report.
Though help-seeking among victims had increased from 2023, the most common source of help, support or advice was family and friends, and over a quarter of victims did not seek help from anyone about their most recent incident.
The study also found those who had experienced more than one type of cybercrime were more likely to report suffering harms, including embarrassment, loss of trust in others, difficulty sleeping, or an increase in financial stress.
First Nations respondents had a significantly higher prevalence of victimisation across all types of cybercrime.
Click Here For The Original Source.
