ASD 2024-25 Cyber Threat Report: What it means for your business
The Australian Signals Directorate (ASD) has just released its 2024–25 Annual Cyber Threat Report, and the message is clear: cyber threats are still rising, and small businesses remain a prime target.
Over the past year, cyber incidents, ransomware, and data breaches all climbed again, costing Australian businesses millions. Here’s what stood out to us from the report, and what it means for you.
1. Small business losses jumped 14% this year
Cybercrime now costs the average small business $56,600 per incident, up 14% from last year. Identity fraud, business email compromise (BEC), and ransomware remain the top threats, hitting smaller companies hardest.
Cybercriminals aren’t just chasing big business anymore. They’re going after local businesses with weak passwords, old systems, and unpatched devices. Why? Because it’s easier, and they know most small businesses don’t have 24/7 IT monitoring.
Our tip: If you haven’t had a cyber health check-up this year, now’s the time. Our baseline assessments identify weak points before attackers do. Contact our team.
2. Attacks on “edge devices” are exploding
Edge devices are the devices that connect your network to the internet: routers, firewalls, and remote access tools. They were one of the biggest attack surfaces in 2025. The ASD found that 96% of attacks on these devices were successful.
Criminals are scanning Australian networks for old routers or misconfigured firewalls, using them as back doors into your business.
Our tip: Our team can harden these systems, from patching firmware to locking down remote access and enforcing MFA for admin accounts.
3. Ransomware still rules, and reporting is now mandatory
Ransomware remains the most disruptive threat to Australian organisations. In response, the Australian Government introduced a mandatory ransomware reporting regime for businesses with turnover over $3 million, and for any operator of critical infrastructure.
Even if your business isn’t legally required to report yet, this change signals how serious ransomware has become, and how important it is to have backups, response plans, and cyber insurance in place.
Our tip: Do you have a cyber incident response plan? Our team can help you develop one, so that you know exactly what to do if the worst happens. Better yet, our EmailSafe & DataSafe plans help protect you against ransomware infiltrating your systems.
4. The basics still work (and most businesses still skip them)
ASD’s top advice hasn’t changed, because it works:
Use multi-factor authentication (MFA) on every account
Update devices and software regularly
Use strong, unique passwords (or a password manager)
Back up critical files offline or in the cloud
Train your team to spot phishing and scams
Most breaches still happen because of missed basics, not advanced hacking.
A few small improvements can stop 90% of attacks before they start.
Stay ahead of the curve with ShadowSafe
At ShadowSafe, we help your business stay protected, compliant, and confident online.
We monitor the latest cyber trends, both nationally and globally, and translate them into practical security actions for local SMEs. These insights from the ASD help us improve our own service, to better protect your business from threats.
If you’d like to know how your current IT and cyber resilience stack up against the threats highlighted in this year’s report, book a Business Assessment with our team or call us on 07 3185 1777.