Which Australian industries are most targeted by cyberattacks?

At-risk sectors share one "common denominator"



By Mark Rosanes

Once every eight minutes – this was how often cyberattacks were reported to the Australian Cyber Security Centre (ACSC) during the 2020-21 financial year, placing the country among the most targeted nations in the world.

During the period, the agency received an estimated 67,500 reports of cybersecurity incidents, which was a 13% spike from the previous cycle. The majority of these attacks were categorised as “substantial,” with approximately a quarter affecting entities associated with Australia’s critical infrastructure.

“The increasing frequency of cybercriminal activity is compounded by the increased complexity and sophistication of their operations,” the agency wrote in its latest annual cyber threat report. “The accessibility of cybercrime services – such as ransomware-as-a-service (RaaS) – via the dark web increasingly opens the market to a growing number of malicious actors without significant technical expertise and without significant financial investment.”

The study also noted how the coronavirus outbreak contributed to the growing number of cyberattacks. The agency’s data showed that more than 1,500 of the reports of malicious cyber activity during the financial year were related to the COVID-19 pandemic. The figure is equivalent to about four incidents daily. Of these, over three-fourths resulted in the loss of money or personal information.

Overall, self-reported losses from cybercrime during the period totalled more than $33 billion.

‘Gaping holes’ in cybersecurity making coverage harder to secure

In a separate report, global tech giant Thales Group cautioned that even with the level of cybersecurity measures Australian businesses are implementing, many of them are still exposed to significant cyber risks. 

Brian Grant, ANZ director at Thales Cloud Security, warned that cyber awareness training, paying ransoms, and other outdated approaches do not mitigate risks among data-dependent organisations.

“Staff turnover and inconsistent skills, combined with advanced social engineering by attackers, make cyber awareness ineffective, while paying a ransom only fosters more criminal behaviour,” he said. “It's encouraging that many businesses have increased security budgets and devised cyber-incident response plans, but a worrying lack of effective data security continues to leave gaping holes for criminals to exploit.”

These “gaping holes” were among the reasons why cyber coverage has become increasingly challenging to secure for many companies, one expert stressed.

“The cover offered by insurance providers has gained increased attention during the COVID-19 lockdowns,” wrote Scott Hesford, director of solutions engineering, Asia-Pacific and Japan at system software company BeyondTrust, in an article for Consultancy.com.au. “With many of their staff working from home, businesses are realising their pre-pandemic security measures are no longer providing the level of protection they require.

“A reliance on firewalls and other on-premise measures are simply insufficient. Home-based workers – thanks to insecure Wi-Fi, unpatched personal devices, and generally poor cyber hygiene – are more susceptible to everything from phishing campaigns to ransomware attacks and more.”

These situations, according to Hesford, have pushed cyber insurers to tighten underwriting guidelines and require customers to have certain security controls in place before they can access coverage. He added that insurance companies are becoming more selective about who they are willing to cover.

“Qualification for cyberattack coverage is being carefully assessed and potentially denied based on the answers of prospective and current customers to comprehensive security questionnaires,” Hesford explained. “Insurance companies are also increasingly hiring security professionals to help them navigate the path to insuring qualified customers and denying those who don’t qualify or otherwise pose too big a risk.”

Which Australian industries are most targeted by cyberattacks?

Several studies have been conducted to determine the industries that are most vulnerable to cyberattacks. The results vary depending on which organisation did the research, but one common denominator is that the sectors found to be the most targeted were critical infrastructure providers.

ACSC’s report revealed that almost a quarter of reported cyber security incidents affected organisations providing essential services, including education, health, communications, electricity, water, and transport. These sectors occupied the third to sixth spots of the agency’s top 10 reporting industries, trailing only government entities, which accounted for more than a third of all reported cyberattacks.

These are the sectors that reported the highest number of cybersecurity incidents during the 2020-21 financial year, according to ACSC.

  • Commonwealth government: 19.5%
  • State, territory, and local government: 15.2%
  • Professional, scientific, and technical services: 9.7%
  • Healthcare and social assistance: 7.3%
  • Education and training: 6.2%
  • Information media and telecommunications: 5.6%
  • Financial and insurance services: 4%
  • Retail trade: 4%
  • Construction: 3%
  • Manufacturing: 3.7%


Separate tracking conducted by the Office of the Australian Information Commissioner (OAIC) recorded 464 cyber incidents in the second half of 2021, an increase of about 6% from the first half of the year.

Data gathered by OAIC’s Notifiable Data Breach scheme revealed that malicious or criminal attacks remained the leading source of breaches, accounting for 256 notifications, or 55% of the total, down 9% from 281 in the first six months of 2021. This was followed by data breaches resulting from human error, which took up 41%.

Healthcare was the highest reporting sector, with 18% of all breaches that the OAIC received coming from the industry. Financial services followed, disclosing 12% of the total notifications. Legal, accounting, and management services (11%), personal services (8%), education (7%), and insurance (7%) rounded out the top five industries reporting the most cyber breaches.

Data pulled from Darktrace’s customer base, meanwhile, has shown that healthcare was the most targeted industry in Australia in 2021, overtaking the financial and insurance sector, which ranked first the year prior.

The global cyber defence specialist’s early indicator analysis revealed that cyberattacks targeting the health and social care sector doubled last year compared to 2020. Figures also indicate that the trend is continuing in the first quarter of 2022, with the industry registering a 37% year-on-year spike in malicious activity.

The IT and communications sector likewise saw a 13% increase in cyber incidents, while attacks on the financial sector decreased by 35% from the same period last year.

“The sharp and significant rise in attacks on Australia’s health and social care sector suggests that attackers pivoted to targeting healthcare at a time when security teams were particularly overstretched and new infrastructures such as contact tracing, electronic test reporting, digital certificates and vaccine appointment bookings were being rolled out across the country,” the report noted.

“The continued rise in attacks likely reflects that at times of heightened geopolitical tension, for both nation-state actors and lone cybercriminals alike, critical infrastructure and services remain a top target to conduct espionage and cause maximal disruption.”

Ten biggest data breaches in Australia

Hobart-headquartered cyber resilience platform UpGuard has compiled a list of the biggest data breaches in Australia in recent years, which the firm said was aimed at helping businesses “avoid some of the common malpractices that facilitate” such incidents. Many of the incidents below were targeted at the healthcare, financial services, education, and government sectors – industries that reported the highest number of attacks last year. Here are the top 10 incidents based on the scale of impact, according to UpGuard.





| Organisation | Date | Scale of impact | Type of data compromised |
|---|---|---|---|
| Canva (graphic design platform) | May 2019 | 137 million users | Usernames; real names; email addresses; country data; encrypted passwords; partial payment data |
| Ubiquiti Networks (communication device vendor) | December 2020 | Up to 85 million people (unconfirmed) | Names; email addresses; salted/hashed password credentials; home addresses; phone numbers |
| ProctorU (online proctoring services) | July 2020 | 444,000 people | User records with email addresses belonging to members of more than a dozen of Australia’s top universities |
| Australian National University (ANU) | November 2018 | 200,000 students | Names; addresses; phone numbers; dates of birth; emergency contact details; tax file numbers; payroll information; bank account details; student academic results |
| Eastern Health (hospital operator in Melbourne) | March 2021 | Four hospitals | |
| Service NSW (government agency) | April 2020 | 104,000 people | Five million documents accessed, 10% of which contain sensitive data |
| Melbourne Heart Group (specialist cardiology unit in Cabrini Hospital) | February 2019 | 15,000 patients | |
| Australian Parliament House | February 2019 | Multiple political party networks - Liberal, Labor, and the Nationals | No sensitive data compromised |
| Ambulance Tasmania | January 2021 | Every resident that requested an ambulance between November 2020 and January 2021 | HIV status; gender; age; address of each emergency incident |
| Northern Territory Government | February 2021 | 4,400 emails | Personal and business emails |

Source: UpGuard


