ACSC Annual Cyber Threat Report 2020-21

At the end of every financial year, the Australian Cyber Security Centre (or ACSC) releases its annual cyber threat report, and it was no different this year… and that’s what we’re talking about today.

As a business owner, keeping things afloat is the #1 priority for many of us, resulting in technology and data security taking a back seat. However, hackers and cybercriminals haven’t gone away, so it would be a mistake to ignore them.

With numbers already on the increase in last year's report due to the COVID-19 pandemic, it is no surprise that the ACSC reported another “bumper” year in terms of cybercrime activity.

Let's take a closer look at the key findings...

The Numbers

The ACSC report is filled with data, so we’ve pulled out the cyber security incident statistics that matter the most.


Calls were made to the Cyber Security hotline


Cybercrime reports made (a 13% increase)


Industry estimates of the annual financial fallout of cybercrime in the Australian economy. Up from $29b in 2019/20.

Who Got Hit
  • The ACSC responded to 182 reported cyber security incidents affecting small organisations or sole traders
  • Medium-sized businesses and organisations reported 341 incidents during the 2020-21 financial year
  • State governments, supply chain organisations, and large businesses reported 955 cyber security incidents

A breakdown of the industries is below:

Where It Happened

2020/21 saw a repeat of last year's ranking for states affected by cybercrime incidents.

  • Queensland was the unlucky “winner” in terms of most cybercrime reports made, with 30% of the total. 
  • Despite NSW having a million more people, Victoria actually had the second highest number of reports with 29%
  • Unsurprisingly, the Northern Territory, due to its population, reported the fewest crimes at 1%

Types Of Cybercrime
  • 23% of the reports were fraud-related
  • 17% were shopping-related crimes
  • 12% were online banking cybercrimes

The ACSC notes that while the number of ransomware-related cybercrime reports is a relatively small proportion of the total number of cybercrime reports, ransomware remains the most serious cybercrime threat due to its high financial impact and disruptive impacts to victims and the wider community.


During the 2020–21 financial year, the ACSC received nearly 500 ransomware cybercrime reports via ReportCyber, which is an increase of nearly 15 per cent compared with the previous 2019–20 financial year.

In the 2020–21 financial year, the ACSC also responded to nearly 160 cyber security incidents related to ransomware. The professional, scientific and technical services sector and the health sector reported the most ransomware-related cyber security incidents.

The top five reporting sectors for ransomware-related incidents accounted for approximately 50 per cent of all ransomware-related incidents reported to the ACSC during the 2020–21 financial year.

You can read more on Ransomware in our blog.

Business Email Compromise (BEC)

Australian businesses are losing significant amounts of money through BEC. BEC cybercrime was one of the top cybercrime categories, making up nearly 7 per cent of the cybercrime reports received in the 2020–21 financial year.

While there has been a slight decrease in BEC reports compared with the previous financial year, self-reported financial losses have increased – total losses were approximately $81.45 million (AUD) for the 2020–21 financial year, an increase of nearly 15 per cent from the previous financial year.

You can read more on BEC in our blog.

A Different Kind of “COVID Surge”

In April 2020, near the beginning of the COVID-19 pandemic, the ACSC released a threat update around coronavirus and the methods cybercriminals were using to exploit the situation (in particular, several phishing campaigns pretending to be from the Government had been detected).

  • At the time of the update, there had been more than 95 cybercrime reports of Australians being scammed out of money or personal information by COVID-related scams. In this current report, that figure has surged to over 1,500.
  • The ACSC had responded to 20 cyber security incidents that were disrupting coronavirus response services; this increased to over 130 by 2021.

Those are the highlights of the report. If you are interested in finding out more in-depth information, you can download the full report by clicking the image below:

FortiTech has also put together a number of resources to help Australian businesses combat cyber attacks. You can check out all of our previous blogs to start with, or head straight to our free 14 Ways To Protect Yourself From A Cyber Attack cheat sheet. Or if you would prefer to speak with one of the team about how we can customise a solution for your business, just get in touch.