ACSC Annual Cyber Threat Report July 2021-June 2022 The Findings

Cyber Defence Team
November 10, 2022


The Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report is a product of insights from across the Commonwealth, including contributions from the Australian Federal Police and Australian Intelligence Organisation. The aim is to deliver key insights to individuals and businesses alike about the threat of cyberattacks and how to protect themselves.

The third Annual Cyber Threat Report focuses on the known and emerging cyber threats impacting different sectors of the Australian economy during the 2021-22 financial year. The report helps to inform Australian businesses of the current and emerging cyber threats impacting different sectors of the Australian economy and maps how threat actors have found innovative ways to deploy attacks. The report also contains mitigation advice that all Australian businesses can implement to decrease the likelihood of a malicious cyber incident.


During the 2021-22 financial year, we have witnessed a deterioration of the global threat environment. Most notable was Russia’s invasion of Ukraine, in which destructive malware resulted in damage within Ukraine and across European networks. In Australia, the volume of attacks also rose significantly. Moreover, the sophistication of attacks made extortion and espionage possible at a greater scale than ever before.

The ACSC received almost 80,000 cybercrime reports, equating to one every seven minutes, a 13 per cent increase on the previous year. From those reports, the ACSC highlighted the following key trends:          

  • Cyberwarfare is on the rise - Russia’s use of malware to destroy data and prevent day-to-day operations in Ukraine was just one case of the cyber landscape being used as a battleground. Amongst other examples, the Australian Government attributed the exploitation of Microsoft’s Exchange Vulnerabilities to China’s Ministry of State Security.  
  • Ransomware continues to reign - ransomware remained the most destructive type of cybercrime in 2021-2022.The extortion tactics had huge costs, not just in terms of ransom payments themselves but lost productivity and reputational damage.    
  • Critical infrastructure networks are being targeted - critical infrastructure has become an attractive target to both state actors and cybercriminals. Fortunately, in 2021-22, potential disruptions to essential Australian services were stopped by defences such as network segregation and incident response.
  • Critical vulnerabilities were exploited - malicious actors persistently scanned networks with unpatched systems with a view to using them as entry points to higher-value targets. Most of the significant incidents the ACSC responded to were due to inadequate patching.          


The ACSC report provides recommendations to prepare for, protect against and respond to cyber incidents, which include:

  • Reviewing the security posture of remote workers - consider how they use communication, collaborations, and productivity software.
  • Patching vulnerabilities quickly - ensure you, your cloud service provider or your managed service provider can patch all vulnerabilities within 48 hours.
  • Using reputable providers - cloud service providers and managed service providers should implement appropriate cyber security measures.
  • Testing your security plans - detection, incident response, business continuity and disaster recovery plans should be regularly and robustly tested.
  • Reporting all cybersecurity incidents - by reporting all cybercrime and cyber incidents, the ACSC can build further intelligence and prevent others from falling victim.


While over the last financial year, there has been a heightened level of malicious cyber activity, there has also been a rise in collaboration across industry, small business, and government. The Australian Government considers cyber security and reinforcing cyber resilience to be a national priority and by working together, the digital opportunities for individuals and businesses alike remain bright.

The Annual Cyber Threat Report is a great tool to help educate you about the threats your business is facing and advise you on how to improve your security posture. To receive more insights and advice, you can read the full report or sign up to become an ACSC partner. You can also get in contact with Infotrust to discuss how to strengthen your security strategy today.