SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Average ransomware payments in Australia halve to AUD $711,000

Fri, 14th Nov 2025

The average ransom paid by Australian companies following a cyber-attack has dropped to AUD $711,000, almost halving from its peak of AUD $1.35 million last year. The latest data reflects changing attitudes among business leaders towards dealing with ransomware threats and increasing preparedness across the sector.

Payment rates decline

A new survey of over 800 Australian business owners and executives found that 64 percent of local leaders who suffered a ransomware attack in the past five years had paid a ransom. This marks a considerable reduction from 84 percent reported last year.

Despite the continuing threat, fewer companies are now opting to pay, and those who do appear to be negotiating lower payments. The amount businesses say they would be willing to pay in the event of an attack also fell, now sitting at AUD $906,000 compared to AUD $1.42 million previously.

SMEs under pressure

Small to medium-sized enterprises (SMEs) remain the most likely targets of ransomware incidents. The survey found that 89 percent of businesses experiencing an attack in the past year fell into this category. Many SMEs lack the dedicated cyber security teams and resources of larger corporations, exposing them to significant risk from increasingly sophisticated global cybercriminal groups.

However, there is evidence that risk awareness and defensive measures are improving. Darren Hopkins, Head of Cyber at McGrathNicol, nonetheless highlighted the ongoing vulnerability of smaller businesses.

"SMEs continue to bear the brunt of ransomware attacks. Without dedicated resources and cyber teams, many SMEs are vulnerable to being seen as 'soft targets' by cyber criminals, and we are working closely with our clients, industry partners and government to share threat intelligence and respond effectively," said Darren Hopkins, Head of Cyber, McGrathNicol.

"Paying a ransom does not guarantee data recovery nor does it prevent future attacks. We know that one in five respondents have experienced multiple ransomware attacks regardless of payment," said Hopkins.

"At the larger end of town, those in businesses earning AUD $10 million plus are more likely to say they are 'very prepared' for a ransomware attack, but we urge executives not to become complacent," said Hopkins.

Changing drivers

The results suggest that the motivation behind ransom payments is shifting. Companies are influenced by several factors: insurance coverage limits are falling, regulatory and reputational scrutiny is rising, and there is increased scepticism about ransom payments being an effective recovery strategy. Enhanced executive engagement and higher levels of preparedness are also contributing to the decline in ransom payments.

Impact on supply chains

Companies affected by ransomware often experience broader business impacts beyond immediate operational disruption. Brendan Payne, Cyber Partner at McGrathNicol, noted that attacks often have a serious effect on supply chains and critical business functions.

"With more than half of respondents who were attacked and breached saying the attack had a severe or significant impact on their supply chain, it's good to see business leaders acting to safeguard their people, partners, customers and critical assets. We are seeing a shift towards more proactive resilience and recovery," said Payne.

"Year-on-year, we have also seen more organisations adopt formal board notification protocols, crisis planning and incident response plans. Our research supports this: almost a third of respondents say their business was able to successfully defend against an attack," said Payne.

Mandatory reporting

Views are shifting when it comes to regulatory measures, with 71 percent of business leaders expressing support for the new mandatory ransomware reporting requirements under the recent Cyber Security Act. This number rises to 76 percent among those who have directly experienced a ransomware incident, pointing to increased appreciation for information sharing and greater industry transparency.

Hopkins emphasised that long-term resilience depends on robust preventive investment: "You can't trust cyber criminals but you can minimise long-term damage to your business through investment in prevention, detection and strong incident response capabilities."
