In 2026, Australia faces an unprecedented surge in cyber threats, with projections estimating over 1.2 million hacking incidents reported nationwide, a 35% increase from 2025. Businesses and individuals alike are grappling with sophisticated attacks that drain resources, erode trust, and expose sensitive data. Yet, amid this digital storm, one critical step often determines the outcome: knowing how to report hacking in Australia effectively.

This comprehensive 2026 Stats Guide analyzes the latest data from government agencies, cybersecurity firms, and industry reports to equip intermediate professionals with actionable insights. We break down reporting trends by sector, from finance to healthcare; highlight regional hotspots like Sydney and Melbourne; and examine the impact of new regulations under the Privacy Act amendments. You will discover key statistics on response times, conviction rates, and cost savings from timely reporting, plus proven strategies to navigate ACSC portals, police protocols, and international cooperation channels.

Whether you are a compliance officer, IT manager, or business owner, this analysis empowers you to transform a breach into a fortified defense. Stay ahead of the curve, and ensure your organization reports hacking in Australia with precision and authority.

ACSC Annual Cyber Threat Report 2024-2025 Key Findings

The Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report 2024-2025 reveals a stark escalation in cyber threats across Australia, underscoring the urgent need for organizations to bolster their defenses against sophisticated attacks. Released on October 14, 2025, the report details the ACSC's extensive operations during the financial year from July 2024 to June 2025, providing critical data for entities seeking to report hacking incidents and mitigate risks. This analysis draws directly from the official findings, highlighting trends that demand proactive vulnerability assessments and remediation. For Sydney-based firms and beyond, these insights emphasize prioritizing edge device security and identity protections to counter prevalent vectors like phishing and account compromises.

ACSC's Robust Incident Response

In FY2024-25, the ACSC responded to over 1,200 cybersecurity incidents, reflecting an 11% year-over-year increase that signals rising threat volumes from cybercriminals and state actors. This uptick aligns with global patterns of professionalized cybercrime, including ransomware and denial-of-service attacks. Complementing these efforts, the ACSC issued more than 1,700 notifications to organizations about malicious activities, a staggering 83% surge from the prior year. These alerts enabled early interventions, preventing potential escalations in sectors like finance and healthcare. Organizations should view this as a call to integrate automated threat intelligence feeds and conduct regular penetration testing to emulate ACSC-recommended mitigations. For actionable steps, establish internal reporting protocols tied to the ACSC Annual Cyber Threat Report 2024-2025.

Surge in Cybercrime Reporting

Public engagement with reporting mechanisms hit record levels, with 84,700 cybercrime reports submitted via the ReportCyber portal, averaging one every six minutes. This volume, while down 3% year-over-year, still overwhelms resources and highlights pervasive scams targeting individuals and businesses. The ACSC hotline fielded 42,500 calls, up 16% from last year and averaging 116 per day, with identity fraud comprising 30% of individual reports. Businesses faced average costs of $80,850 per incident, a 50% jump, driven by delays in detection averaging 68 days for financial attacks. Intermediate-level security teams can leverage this data by deploying phishing simulations and multi-factor authentication audits. To report hacking in Australia effectively, use ReportCyber or the hotline at 1300 CYBER1, as detailed in the Minister's media release.

Critical Infrastructure and Government Vulnerabilities

Critical infrastructure incidents accounted for 13% of the ACSC's total responses, up 2% year-over-year, with over 190 notifications issued, a 111% increase. Denial-of-service attacks dominated here at 31%, far exceeding the overall 16% rate. The government sector bore the brunt, with 408 incidents representing 33% of ACSC engagements; compromised assets led at 37%, followed by malware at 15%. Federal entities reported 32% of these, exposing legacy systems and supply chain weaknesses. Actionable insights include isolating operational technology and adopting zero-trust architectures to reduce success rates of edge device exploits, which hit 96% in over 120 cases. These findings, analyzed in business implications from the report, urge Australian organizations to audit high-risk assets immediately for resilience.

This data paints a clear picture of an evolving threat landscape, where early reporting and targeted fixes can avert multimillion-dollar breaches.

Ransomware and DDoS Incidents on the Rise

The ACSC's Annual Cyber Threat Report 2024-2025 highlights ransomware as a persistent menace, with the centre responding to 138 incidents that made up 11% of its total 1,253 cases. This figure held steady from the prior year in proportion, yet the impact deepened, particularly in healthcare where attacks doubled year-over-year and achieved a alarming 95% success rate. For context, ACSC proactively identified 39% of these cases through notifications, often involving data exfiltration prior to encryption under double-extortion tactics by groups like BianLian. A stark example struck in July 2024, when ransomware hit an e-prescription service, stealing 6.5 terabytes of data affecting 12.9 million Australians and risking patient care. These trends signal cybercriminals' professionalization via Ransomware-as-a-Service models, demanding organisations prioritise backups, patching, and multi-factor authentication to mitigate dwell times.

DDoS Attacks Surge Dramatically

DoS and DDoS incidents exceeded 200, marking a 280% year-over-year leap and comprising 31% of critical infrastructure cases, compared to 16% overall. June 2025 saw a record peak, fuelling a five-year upward trajectory that strained sectors like public administration (60% of attacks), financial services (32% in critical infrastructure), and transport (26%). Attackers increasingly pair DDoS with reconnaissance or phishing, leveraging AI to lower barriers and IoT botnets for amplification. ACSC Critical Infrastructure Factsheet details how these disruptions blur state-sponsored and criminal motives, urging resilience testing and traffic monitoring.

Soaring Financial Toll

Businesses faced an average cybercrime cost of $80,850, a 50% rise from last year, with large enterprises hit hardest at $202,700, up 219%. Detection lags compound losses; financial attacks like business email compromise averaged 68 days to uncover. ACSC Business Factsheet notes identity fraud and BEC as top culprits, emphasising proactive hunting.

Australian organisations must adopt rapid incident response to curb escalation. Embrace an "assume compromise" posture: enable 24/7 logging, report via ReportCyber or 1300 CYBER1 for free ACSC aid, and drill scenarios. Sydney-based experts can help identify vulnerabilities swiftly, turning reports into fortified defences before costs spiral.

Major Data Breaches in Australia 2025-2026

Australia witnessed a alarming surge in major data breaches, with 47 reported in 2025 and 20 year-to-date in 2026, totaling 67 high-profile incidents. According to the comprehensive tracker at Webber Insurance's data breaches list, education and healthcare sectors bore the brunt, suffering repeated ransomware attacks and data exfiltrations. Universities like the University of Sydney, Western Sydney University (hit multiple times), and colleges such as Scotch and Belmont faced exposures of student passports, tax file numbers, and health records. Healthcare providers, including Point Lonsdale Medical Group, Genea Fertility, and Riverina Medical, endured disruptions from groups like DragonForce and Qilin, halting treatments and leaking sensitive patient data. These patterns underscore vulnerabilities in legacy systems and third-party supply chains, amplifying risks for intermediate organizations handling PII.

Among the largest breaches, Sydney Tools stands out for exposing 34 million customer records, including names, addresses, and purchases, plus over 5,000 employee salaries via an unprotected Elasticsearch database in March 2025. Qantas suffered a call center compromise in July 2025, affecting 6 million customers with leaked names, emails, dates of birth, and Frequent Flyer numbers by the Scattered Spider group; the airline refused ransom, leading to dark web publication. In February 2026, fintech youX (formerly Drive IQ) lost 600,000 loan applications, including driver's licenses and bank details in a 141GB FulcrumSec ransomware dump, impacting hundreds of lenders.

Common attack patterns included ransomware (over 60% of cases), misconfigurations, and supply-chain ripples from global compromises like Booking.com and LexisNexis. Edge device exploits, such as routers and VPNs, featured in over 120 ACSC-tracked incidents with 96% success rates, often enabling initial access via brute-force or unpatched flaws. Organizations should prioritize perimeter hardening and zero-trust models to counter these.

Regulatory scrutiny intensified under the OAIC's Privacy Act, with 532 notifications in H1 2025 alone per OAIC's latest statistics; Qantas faced probes and class actions. Long-term reputational damage persists, from customer churn and fraud waves to multimillion-dollar remediation costs averaging AUD 4.5M per IBM data. Proactive vulnerability assessments can mitigate these, preventing breaches that erode trust for years. As Sydney-based experts, we recommend auditing edge devices and supply chains immediately to report and remediate hacking incidents effectively.

Top Attack Vectors Exploiting Vulnerabilities

Phishing and Account Compromise: Leading Initial Access Vectors

Phishing dominates as the top attack vector in Australia, accounting for 38% of incidents reported to the ACSC in FY2024-25, according to the Annual Cyber Threat Report 2024-25. Attackers deploy sophisticated lures, often enhanced by AI-generated deepfakes or personalized emails drawing from breached data, to trick users into revealing credentials or downloading malware. This vector featured in 60% of overall incidents, with government sectors seeing 52% prevalence compared to 25% in industry. Account compromise follows closely at 31%, involving stolen credentials from info stealer malware or dark web markets, enabling business email compromise (BEC) in 15% of business reports. These compromises led to 42% of high-severity incidents, as attackers exploit valid accounts for lateral movement. Organizations must implement multi-factor authentication (MFA) and user training to counter these persistent threats.

Edge Devices Under Siege

Edge devices, including routers, VPN concentrators, firewalls, and SOHO equipment, faced exploitation in over 120 ACSC incidents, achieving a staggering 96% success rate. Vulnerabilities stem from unpatched firmware, default credentials, and exposed remote access, turning these perimeter assets into botnet proxies or espionage footholds. For instance, PRC-linked botnets commandeered 260,000 devices, amplifying DDoS campaigns that surged 280% year-on-year. Legacy IT exacerbates risks, with publicly reported CVEs up 28%. In critical infrastructure, compromised networks topped 23% of cases. Regular patching and disabling unused services are essential to fortify these weak points.

Living-Off-the-Land and Malware-as-a-Service Evolution

State actors like PRC's APT40 and Russian GRU employ living-off-the-land (LOTL) techniques, using native tools such as PowerShell and WMI to blend malicious activity with legitimate operations, evading traditional antivirus. This enables rapid exploitation of zero-day vulnerabilities within days of disclosure. Cybercriminals professionalize through malware-as-a-service (MaaS), subscribing to info stealer kits that fuel ransomware-as-a-service operations like BianLian. These platforms lower barriers, scaling extortion with 60% financial motives. As noted in the 2026 Threat Report, AI integration accelerates phishing and evasion tactics.

Prioritize vulnerability assessments targeting these vectors: conduct quarterly scans on edge devices, enforce credential hygiene, and deploy behavioral analytics for LOTL detection. Align with ACSC's Essential Eight framework, including application control and backups. Sydney-based experts can help organizations identify and remediate these exposures efficiently, reducing incident risks proactively. Report suspicious activity via ReportCyber to stay ahead of evolving threats.

Step-by-Step Guide to Reporting Hacking in Australia

Step 1: Prepare and Contain the Incident Internally

Before reporting a hacking incident in Australia, organizations must first secure their environment to limit damage and preserve evidence. Confirm the breach through indicators like unusual logins or data exfiltration, then isolate affected systems by disconnecting them from networks while avoiding full shutdowns that could erase forensic data. Document everything meticulously in an incident log, including discovery date, initial symptoms, and containment steps taken. This preparation aligns with ACSC guidelines, ensuring reports are actionable and support national threat intelligence. For instance, in cases resembling the 47 major data breaches of 2025, early containment prevented wider spread in sectors like healthcare. Failing to log details upfront can delay triage and recovery, as seen in incidents where detection averaged 68 days for financial attacks.

Step 2: Report via the ReportCyber Portal

Access the official ReportCyber portal at https://www.cyber.gov.au/report-and-recover/report to submit non-urgent hacking reports securely online. Select "Cyber security incident" for unauthorized access or operational disruptions, providing organization details and an ABN for prioritized response if applicable. Anonymous submissions are possible, but including contact information allows follow-up via a unique CIRS reference number. In FY2024-25, this portal handled 84,700 cybercrime reports, enabling ACSC to identify trends like the 38% phishing prevalence. This method suits most "report hacking Australia" scenarios, offering a structured form that captures essential context without immediate pressure. Always report cybercrime elements separately to the Australian Federal Police for investigation.

Step 3: Call the ACSC Hotline for Urgent Assistance

For immediate threats, dial the 24/7 ACSC hotline at 1300 CYBER1 (1300 292 371), which fielded over 42,500 calls last year, averaging 116 daily. Operators provide free triage, advice on evidence preservation, and escalation to experts for containment support. Use this for active intrusions, such as ransomware encrypting systems, where delays exacerbate the average business cost of $80,850 per incident. Detailed ACSC contact information confirms its role in mitigating 37% of proactive alerts. Hotline guidance often references the cyber security incident guidelines, emphasizing rapid reporting.

Step 4: Supply Critical Details and Understand Post-Reporting

Include a precise incident description, event timelines, affected systems (e.g., software versions, data types), and evidence like screenshots, logs, or IP addresses. ACSC protects this under limited use obligations, focusing on threat intel rather than enforcement. Post-submission, expect triage for priority; urgent cases receive expert aid, with 1,700+ notifications issued last year to warn of similar risks. Organizations may face mandatory reporting under the Notifiable Data Breaches scheme if personal data risks serious harm, requiring OAIC notification within 30 days alongside individual alerts. Non-compliance risks penalties up to $2.22 million, as in recent education sector breaches. This process not only aids recovery but contributes to countering trends like 200+ DDoS incidents, up 280% year-over-year.

Sector-Specific Hacking Impacts and Trends

Healthcare Sector: Ransomware Surge with Alarming Success Rates

Healthcare organizations in Australia faced a dire escalation in ransomware attacks during FY2024-25, with incidents doubling from the previous year and attackers achieving a 95% success rate in investigated cases, far exceeding the 52% average across sectors. This vulnerability stems from high-value patient data and often outdated systems, as seen in a major breach where 6.5TB of health records affecting 12.9 million individuals was exfiltrated before encryption hit an e-prescription service. Such disruptions not only compromise sensitive information but also endanger patient care through halted services and delayed treatments. Organizations should prioritize segmenting operational technology networks from IT systems and enforcing rapid patching schedules to mitigate these risks. Regular vulnerability assessments reveal unpatched flaws that cybercriminals exploit via phishing or edge devices.

Education: Persistent High Breach Volumes

The education sector reported 5% of total ACSC incidents, grappling with high breach volumes due to vast repositories of student and research data. Recent examples include the global Canvas LMS compromise impacting Australian institutions and Queensland's Department of Education vendor-related disclosures, amplifying supply chain risks. Phishing and ransomware drive these incidents, with data often monetized on dark web markets. Educational bodies must implement continuous monitoring of third-party vendors and adopt zero-trust architectures to curb unauthorized access. Actionable steps include training staff on AI-enhanced phishing tactics and conducting frequent red team exercises.

Critical Infrastructure and Key Sectors Under Siege

Critical infrastructure (CI) sectors bore the brunt, with ACSC issuing over 190 notifications, a 111% year-over-year increase, focusing on scanning, DDoS, and phishing. Financial and insurance entities accounted for 32% of CI incidents, transport and postal for 26%, while government incidents reached 46% when aggregating federal, state, and local levels. These figures highlight espionage and extortion motives from state actors targeting logistics and finance. Transport faces GRU-linked probes, underscoring the need for OT/IT isolation.

As a Sydney-based firm of certified experts, Lean Security excels in identifying and remediating vulnerabilities across healthcare, education, finance, transport, government, and CI. Our manual penetration testing and prioritized fix guidance address sector-specific threats like IoT exploits and legacy systems, empowering Australian organizations to fortify defenses proactively.

2026 Trends: AI Threats and Cyber Extortion

State-Sponsored Actors Leveraging Advanced Techniques

State-sponsored actors pose an escalating threat in 2026, increasingly adopting Living Off The Land (LOTL) techniques to blend malicious activities with legitimate system tools, thereby evading traditional detection mechanisms. These groups, often linked to nations like China and North Korea, have weaponized IoT botnets comprising over 260,000 devices worldwide, including significant Australian footprints, for DDoS amplification and command-and-control operations. The CyberCX 2026 Threat Report underscores how these botnets stem from unpatched IoT vulnerabilities and phishing campaigns, enabling persistent espionage and disruption. Moreover, artificial intelligence (AI) supercharges their arsenals, with generative AI crafting hyper-personalized phishing lures and polymorphic malware that mutates to dodge signatures. Organizations should prioritize IoT inventory audits and behavioral analytics to counter LOTL, as edge device exploits succeeded in 96 percent of over 120 incidents last year. North Korean operatives, for instance, have infiltrated firms via fake IT worker schemes, combining AI-driven social engineering with LOTL for long-term access.

Cyber Extortion Dominates with AI-Enhanced Vectors

Cyber extortion has surged as the leading incident type in 2026, motivated by financial gain in approximately 60 percent of cases, surpassing previous leaders like business email compromise. Attackers deploy Adversary-in-the-Middle (AITM) proxies to intercept authentication sessions, effectively bypassing multi-factor authentication (MFA) even when properly implemented. The CyberCX report details how Phishing-as-a-Service kits, augmented by AI for deepfake voices and tailored emails, enable this, with identity attacks showing severe findings in 77 percent of tested scenarios. Detection times have doubled to 68 days for financial extortion, allowing attackers to exfiltrate data before encryption. Small businesses face closure risks within six months post-attack, amplifying economic fallout. To mitigate, deploy device-bound authenticators and continuous session monitoring alongside MFA.

Record Cyber Spend Targets Quantum and OT Risks

Australian cyber security spending will exceed AU$7.5 billion in 2026, marking a 9.5 percent year-on-year increase, according to Gartner forecasts, with security services and software leading at over AU$7 billion combined. This uptick reflects urgency around AI threats and legacy exposures, channeling funds into post-quantum cryptography (PQC) migrations to thwart future quantum decryption risks. Operational technology (OT) isolation emerges as a priority, segmenting industrial control systems from IT networks to shield manufacturing and healthcare from ransomware cascades. Gartner's breakdown highlights 12.3 percent growth in security software for AI defenses and resilience. As a Sydney-based firm of certified experts, we recommend vulnerability assessments focusing on OT air-gapping and PQC roadmaps to align with the 2030 Cyber Security Strategy. These investments, while robust, demand targeted prioritization to address the "worsening" landscape outlined in the CyberCX 2026 Threat Report.

Proactive Defenses: Prioritize Vulnerability Remediation

In the wake of escalating cyber threats across Australia, where edge devices were exploited in over 120 incidents with a staggering 96% success rate according to ACSC data, organizations must prioritize vulnerability remediation as a core defense strategy. Attackers routinely target unpatched routers, VPNs, and IoT devices for initial access, enabling lateral movement that amplifies breach impacts. Proactive edge device patching involves establishing automated update schedules, segmenting networks to isolate unmanaged assets, and conducting quarterly inventory audits to ensure no device falls through the cracks. Similarly, enhancing multi-factor authentication (MFA) requires shifting to phishing-resistant protocols like FIDO2 or hardware tokens, countering the rise of adversary-in-the-middle (AITM) attacks that bypassed traditional MFA in numerous 2025 incidents. Legacy system audits demand a systematic approach: map all outdated infrastructure, evaluate patch availability, implement compensating controls such as micro-segmentation and enhanced logging, and develop a phased replacement roadmap. These measures directly address the 29% of security assessments uncovering severe, exploitable vulnerabilities, as highlighted in recent industry analyses.

Certified vulnerability assessments from Sydney-based firms specializing in prioritized fixes offer organizations a structured path to resilience. These experts conduct manual penetration testing across web applications, networks, cloud environments, IoT, and even AI systems, delivering risk-rated reports with step-by-step remediation guidance tailored to business impact. Unlike automated scanners that miss nuanced flaws, certified assessments simulate real-world attacks, identifying issues like those in edge devices or legacy setups before exploitation occurs. For intermediate teams, engaging such services ensures compliance with ASD priorities, including threat-led penetration testing for critical infrastructure, while providing post-assessment support to verify fixes.

Lean Security, a Sydney-based firm of certified experts, plays a pivotal role in helping organizations identify and remediate critical vulnerabilities, particularly post-incident. Their manual testing uncovers hidden weaknesses scanners overlook, producing plain-English reports that prioritize fixes by severity and exploitability. Post-breach, Lean Security collaborates on implementation, from patching edge vulns to auditing legacy systems, enabling rapid recovery and prevention of repeat attacks. This expertise aligns with Australia's $7.5 billion cyber spend, focusing on high-impact remediation that matters most for Australian organizations.

Proactive Vulnerability Remediation Checklist

• Scan for Edge Vulnerabilities: Run automated tools weekly alongside manual pen tests on routers, IoT, and OT devices; prioritize CVSS scores above 7.0 for immediate patching.

• Monitor for Phishing: Deploy logging, anomaly detection, and threat intelligence to flag AITM or credential theft; train staff on AI-generated lures quarterly.

• Report Promptly: Activate incident playbooks to notify ACSC via ReportCyber within 72 hours for ransomware or major breaches, preserving evidence for investigations.

By embedding these practices, organizations transform vulnerability management from reactive to strategic, significantly reducing exploit risks in Australia's high-stakes cyber landscape.

Key Takeaways and Next Steps for Australian Organisations

In FY2024-25, the Australian Cyber Security Centre (ACSC) responded to over 1,200 cybersecurity incidents, marking an 11% year-on-year increase, with ransomware accounting for 138 cases (11% of total) and DDoS attacks surpassing 200 incidents, a staggering 280% surge that peaked in June 2025. Edge device exploits, such as vulnerable routers and VPNs, featured in more than 120 incidents with a 96% success rate, amplifying risks across critical infrastructure. These figures underscore a professionalizing threat landscape where cybercriminals leverage AI-enhanced phishing and living-off-the-land techniques, hitting sectors like healthcare and government hardest.

Australian organisations facing potential hacking must act decisively. Immediately report incidents via the ReportCyber portal or ACSC hotline (1300 CYBER1) to enable coordinated response and intelligence sharing, preserving evidence while containing damage. Conduct comprehensive vulnerability scans using automated tools to identify edge weaknesses, prioritizing remediation of high-risk flaws like unpatched firmware.

Investing in remediation experts is non-negotiable; partner with certified Sydney-based providers who deliver tailored assessments and fixes, elevating your security posture amid Australia's $7.5 billion cyber spend.

Stay ahead by reviewing ACSC annual reports and threat advisories regularly. Subscribe to daily threat briefings, such as Lean Security's updates, for real-time insights that translate data into defensible strategies. Proactive vigilance turns vulnerabilities into strengths, safeguarding operations long-term.

Conclusion

In 2026, Australia confronts over 1.2 million hacking incidents, a 35% surge from the previous year, underscoring the urgent need for swift reporting. Key takeaways include sector-specific trends hitting finance and healthcare hardest, regional hotspots in Sydney and Melbourne, faster response times and higher conviction rates from timely reports, and substantial cost savings under updated Privacy Act rules. This guide arms intermediate professionals with proven strategies to navigate ACSC portals and beyond.

Equip your organization today: bookmark this resource, audit your reporting protocols, and report incidents immediately to minimize damage. By leveraging these insights, you not only safeguard assets but also contribute to a more resilient digital Australia. Act now; your vigilance is the frontline defense against cyber threats.