.webp)
.webp)
Cybercrime is now a persistent and growing threat in Australia. In the past year alone, large-scale cyberattacks have exposed the personal data of millions of Australians, with breaches impacting sectors ranging from healthcare and financial services to major consumer and transport platforms.
New research from Cohesity shows that Australian organisations are now experiencing the highest rate of material cyberattacks globally. More than eight in ten (85%) businesses have reported a materially impactful cyberattack within the past 12 months, well above the global average of 54%. Alarmingly, 41% of these enterprises were repeat victims, demonstrating the escalating cyber threat and the urgent need for stronger cyber resilience strategies in Australia.
The scale of cyber risk
The business impact is severe. Almost all affected Australian enterprises (91%) report revenue loss following an attack, with a third losing up to 10% of annual revenue. Leadership teams also face intense scrutiny, with more than three-quarters of private organisations reporting board-level pressure to remove senior executives after a breach.
The business impact extends beyond financial fallout or regulatory pressure. More than 40% of organisations lost clients directly due to cyberattacks, with nearly one in ten losing over 15% of their customer base.
The cost of cyberattacks
Critical sectors like healthcare and financial services remain prime targets. Last year's attacks on major superannuation funds, including AustralianSuper and Rest, exposed thousands of member accounts, a reminder that even highly regulated institutions are not immune.
These examples expose a deeper problem: Australia's cyber resilience is not keeping pace with the threat. As artificial intelligence lowers the barrier to entry for cybercriminals and accelerates the scale of attacks, the risks facing organisations will only intensify. The question is no longer if a breach will occur, but how well businesses are prepared to respond.
The new playbook for cyber resilience
Cyber risk looks different for every industry, but the foundations of resilience are the same: reduce exposure, recover fast, and know your data. Yet many organisations are still underprepared. Cohesity research shows only 56% of Australian businesses are fully confident in their cyber resilience strategy, while more than half admit their recovery plans need testing.
Here is a simpler, more practical playbook for leaders.
1. Protecting data is the critical first step in reducing cyber risk, but many organisations struggle because you cannot secure what you cannot see. With data sprawling across cloud, SaaS, and on-premises systems, gaps appear. Businesses should consolidate data protection across environments to reduce complexity, close security blind spots, and limit the attack surface.
2. Ensure data is always recoverable. Backups are a prime target for attackers. To ensure data can be restored when it matters most, organisations must lock down backups with measures like immutability, access controls, and separation of duties. Fast, reliable recovery reduces downtime and removes leverage from ransomware groups.
3. Detect and investigate threats. Cyber resilience is not just about recovery; it is about early warning. Regularly scanning backups and environments for malware or suspicious changes helps organisations spot threats sooner, validate data integrity, and respond before damage spreads.
4. Make identity resilience a key component of cyber resilience. Identity-based attacks such as credential theft have become a leading attack vector, and it is time for all organisations to prioritise identity resilience, a fundamental but often overlooked component of cyber resilience. When identity systems are compromised, the impact can be immediate, denying businesses access to critical digital infrastructures. Businesses should adopt a more comprehensive and modern approach that can proactively strengthen identity security posture, stop identity-driven attacks in real time, and accelerate recovery with confidence before, during, and after an attack.
5. Practise application resilience to ensure your organisation can effectively respond to and recover from cyber incidents. You would not run a fire drill for the first time during a fire. Organisations need to regularly practise cyber recovery so teams know exactly what to do under pressure. Automated recovery workflows and secure testing environments help businesses rehearse safely and confidently.
6. Optimise data risk posture. Not all data carries the same risk. By identifying where sensitive or regulated data lives, and how it is protected, organisations can assess impact faster during a breach, respond to regulators and customers with confidence, and reduce overall exposure.
Resilience is a mindset
Recovering from cyberattacks and ransomware can be challenging. Cybercriminals are constantly adapting, driven by financial gain, to breach systems and steal data. The primary goal should be to restore operations quickly while safeguarding both data and the brand's reputation.
There are established best practices that can help prevent data loss and streamline the investigation process. By basing incident response plans on concrete facts and data, the organisation can ensure it remains strong, adaptable, and ready for various challenges.
The goal is simple: restore operations quickly, protect customer trust, and remove the pressure to pay a ransom. With the right preparation, recovery becomes a business process, not a crisis.