As we wrap up the 2022–23 financial year, the picture is clear: cyber threats are intensifying and getting pricier to fix. During 2022–23, nearly 94,000 cybercrime reports were lodged via ReportCyber – that’s a 23 per cent jump from the year before, averaging one report every six minutes. Small businesses absorbed average losses of AUD 46,000, while medium and large organisations saw AUD 97,200 and AUD 71,600 hits respectively (asd.gov.au). Globally, the average cost of a data breach climbed to USD 4.35 million in 2022 – the highest in the IBM Ponemon series to date (in.newsroom.ibm.com).
With stakes this high, Aussie organisations need to understand what drove 2022 and get ready for what’s next.
Key Trends from 2022
- Hybrid workforce challenges
Suddenly mixing office and home networks opened new gaps – unpatched routers, unmanaged personal devices and limited visibility outside corporate firewalls. - Ransomware upping the ante
Extortion groups went from simple encryption to data-leak threats, targeting sectors from health to manufacturing. - Social engineering gets crafty
Phishing, BEC, smishing and vishing campaigns leaned into pandemic fatigue and the mix of personal and work devices. - IoT and OT under pressure
With over 7 billion connected “things” worldwide, every smart camera or sensor is a potential entry point. - Cloud configuration mistakes
Mis-set storage buckets and lax identity controls kept cloud breaches in the headlines. - Supply-chain compromises
One compromised library or firmware update can cascade through hundreds of downstream systems. - Mobile malware surges
As work apps moved to phones and tablets, attackers shifted to SIM-swap fraud, rogue apps and zero-click exploits. - AI/ML: double-edged sword
Security teams lean on automation for threat detection, but adversaries are rolling out AI-driven phishing and vulnerability scanners.
These shifts mirror the insights in ASD’s Annual Cyber Threat Report 2022–23 cyber.gov.au and set the scene for 2023.
What to Watch in 2023
- Zero Trust adoption – moving from “trusted network” to “verify every user and device”
- Extended Detection & Response (XDR) – converged monitoring across endpoints, cloud and identity
- Data Security Posture Management (DSPM) – auto-discovering and classifying sensitive data, then enforcing controls
- Generative AI threats – deepfake audio/video in BEC and social campaigns
- Regulatory shifts – from the new Privacy Act changes here to global rules like EU’s NIS 2 and SEC disclosure requirements
- Supply-chain and vulnerability mgmt – continuous third-party risk scanning and rapid patching cycles
- Operational Technology (OT) security – protecting industrial control systems as more factories and critical infrastructure connect online
Planning Your Security Roadmap
- Run a tailored risk assessment – identify your unique assets, threat actors and likely attack paths.
- Adopt layered controls – mix firewalls, MFA, endpoint detection and continuous monitoring.
- Strengthen incident response – update playbooks, practice tabletop exercises and integrate with your SOC or managed service.
- Train your people – phishing drills, awareness workshops and executive briefings.
- Review third-party risk – vet your supply chain, track dependencies and mandate security standards.
- Invest in resilient backups – offline, encrypted and regularly tested.
- Embrace Zero Trust – shift from perimeter-only thinking to verifying every access attempt.
- Leverage automation – XDR, DSPM and AI-powered analytics to spot anomalies faster.
How Securitribe Can Help
At Securitribe, we’ve built our SheepDog CISO approach to guide Aussie organisations through exactly this landscape. Our team can:
- Act as your Virtual CISO – setting strategy, prioritising risks and reporting to your board.
- Deliver Governance, Risk & Compliance – aligning to ISO 27001, ASD’s ISM and other frameworks.
- Run SOC as a Service, Dark Web Monitoring and Incident Response.
- Provide Proactive Pentesting, DLP and DSPM implementations (including Concentric AI), and Security Awareness training.
- Offer flexible CyberSecurity as a Service packages so you only pay for what you need.
Let’s work together under our banner of #SecurityTogether and Security Without Compromise.
Ready to plan for the future?
Get in touch for a complimentary cyber health check and roadmap session:
Contact Securitribe
All figures are for the 2022–23 financial year unless otherwise stated.
