Australian firms face surge in AI-driven cyber attacks & scams

Aon has released Australia-specific findings from its 2025 Cyber Risk Report, detailing the changing landscape of cyber risk driven by artificial intelligence-enabled attacks and third-party technology supply chain vulnerabilities.

The report finds that Australian organisations are confronting a rapidly developing threat environment where established cyber security defences are struggling to keep pace with increasingly sophisticated, AI-driven cyber tactics.

Adam Peckman, Head of Risk Consulting and Cyber Solutions in APAC and Global Head of Cyber Risk Consulting at Aon, stated,

"AI is no longer a future threat - it's a present-day reality. We're seeing relatively unsophisticated actors now wielding tools that rival state-sponsored capabilities. The barrier to entry has dropped dramatically, and the velocity of attacks is only increasing."

Among the recent developments highlighted in the report is a rise in AI-powered social engineering incidents. A notable example involved the theft of USD $25 million from a large engineering firm in the United Kingdom, after attackers used deepfake technology to simulate trusted individuals in a scam. The report notes that similar tactics have since been observed within Australia, albeit at smaller financial scale, and warns that the accessibility and ease of replication of such methods continue to grow across the sector.

Supply chain vulnerabilities are identified as another increasingly serious concern. The report indicates that several recent, high-profile Australian cyber breaches were traced to third-party compromises, where attackers targeted suppliers or vendors with less robust security practices but privileged access to client networks.

Joerg Schmitz, Cyber Risk Quantification and Analytics Leader for APAC at Aon, commented,

"Organisations must start treating their vendors as part of their own attack surface. The most lucrative attacks are those that can be scaled across multiple targets through a single compromised supplier. This is a wake-up call for Australian businesses to reassess how they manage third-party risk."

The report points out that while organisations are continuing to invest in cyber security solutions, many core controls are being bypassed or rendered less effective by the evolving tactics of threat actors. With AI now enhancing every phase of the attack chain, from the initial reconnaissance stage through to the execution of attacks, the report suggests that traditional defence strategies may no longer be sufficient.

Aon's 2025 Cyber Risk Report is based on CyQu data from more than 3,000 clients globally and analyses over 1,400 cyber events to identify emerging risks and trends. The CyQu platform allows organisations to benchmark their own cyber security maturity levels, compare against industry peers, and align cyber insurance and security strategies using data-driven insights.

The report stresses that these developments demand greater attention to both technological and organisational measures, with AI-driven threats and supply chain challenges likely to remain central concerns for Australian businesses into the next year.