Australian Cybercrime Highlights Need for Cybersecurity Investment

In 2022 and 2023, Australia was hit by the largest cybercrimes in the country’s history, bringing the importance of adequate cybersecurity to the fore. Millions of Australians were trapped in attacks to major companies including Optus, Medibank and, Latitude Financial.

These instances of large-scale cybercrimes in Australia underscore the need for spending in cybersecurity as a frontline defence to protect individuals, companies, and national security in the online arena. This structural shift will likely open an opportunity for investors as the cybersecurity thematic gains traction on a broader scale.

Cybercrime is on the Rise in Australia

More than 76,000 cybercrimes were reported in the 2021-22 financial year – approximately one report every seven minutes.¹ From July to December 2022, data breach notifications jumped 26%, with 70% of reported breaches confirmed as malicious or criminal in nature.² Fraud accounted for the largest portion of cyberattacks in Australia at 26.9%, while online shopping and banking represented 14.4% and 12.6% respectively.³ And from an organisational perspective, medium-sized businesses suffered the hardest financial losses due to cybercrime – coming in, on average, at over $88,000 per attack.⁴

Eyes and Wallets Open After Large-scale Attacks

Optus was the first in a string of major attacks on Australian companies which began in September 2022. Personal details and identification information such as passport, licence and Medicare numbers of almost 10 million past and present customers were accessed by hackers. Optus was subject to harsh backlash from the government and media, plus they lost at least 10,000 customers by mid-November 2022 due to the incident and poor communication to stakeholders. It is estimated the attack cost Optus in excess of $140 million.⁶

Medibank became the next victim in October 2022. Approximately 9.7 million people were left vulnerable after hackers held customers’ data hostage, demanding a ransom before leaking the sensitive information – including private health records – on the dark web. In June 2023, the Australian Prudential and Regulation Authority (APRA) instructed Medibank to set aside $250 million in extra capital to facilitate a remediation programme.⁷

Around 14 million Latitude Financial customers had their details stolen by cybercriminals in March 2023. Credit card and bank account information, copies of passports and driver licences, and monthly account statements were among the compromised items.⁸ The incident is being investigated by the Office of the Australian Information Commissioner (OAIC) and the New Zealand Office of the Privacy Commissioner to determine whether Latitude’s security was adequate.

Investment Potential – Private and Public Spending

After these cyberattacks, the Australian Information Commissioner and Privacy Commissioner said “the likelihood of other attacks, such as targeted social engineering, impersonation fraud and scams, can increase” – underscoring the need for businesses to invest more heavily in cybersecurity. Moreover, as organisations, consumers and governments become ever reliant on digitalisation, they will inevitably be left more vulnerable to cybercrime unless proper cybersecurity is put in place. For instance, the rise of hybrid and remote working has elevated online risks and the Cisco Cybersecurity Readiness Index shows only “15% of organisations globally are deemed to have a mature level of preparedness to handle the security risks of hybrid work”.⁹

Government intervention is a key driver for further investment in cybersecurity in Australia. In the 2023-24 Federal Budget, $200 million was allocated to cybersecurity initiatives.¹⁰ During the previous year, almost $10 billion was committed to the Australian Signals Directorate (ASD) for a nationwide expansion of cybersecurity capabilities over the coming decade.¹¹ Regarding the private sector, the Australian Information Security Association (ASIA) says spending on cybersecurity will need to increase from $5 billion to $10 billion annually if Australian businesses are going to meet government standards and safeguard customers.¹² This growth will see Australian businesses bolster their cybersecurity spending – a trend which is happening around the globe. Hence, investment opportunities in cybersecurity are set to expand as domestic and international demand intensifies over the near and longer-term.

Cyber-Securing the Future

Australia’s brush with cybercriminals has woken up consumers, businesses and the government to the present and future threats of cybercrime. As investment in this space accelerates locally and around the world, companies at the cutting-edge of cybersecurity stand to benefit from widening adoption. The Global X Cybersecurity ETF (ASX: BUGG) aims to capture this growing megatrend by offering exposure to these leading, pure-play cybersecurity companies. For more details on the cybersecurity thematic, read the BUGG investment case here.