00:00 This is showing that not only is cybercrime attracting or attacking Australia's federal
00:08 government agencies, its institutions, critical infrastructure across the country, it is also
00:14 targeting everyday Australians because we have seen these 94,000 reports to law enforcement
00:20 agencies of cybercrime in the last financial year. That is an increase of 23% on the previous
00:28 year. ASD, the Australian Signals Directorate who have compiled this report, have said that
00:33 may well be the tip of the iceberg because in many instances people may not actually
00:37 be reporting that they have been the victim of cybercrime. A lot of these reports, quite
00:42 interestingly, are coming out of Queensland and Victoria. It is not necessarily the case
00:47 that those two states are more of a target when it comes to cybercriminals. ASD thinking
00:52 that people there are just more vigilant and more diligent when it comes to actually reporting
00:57 those incidences. We know that there has also been an uptick in the average cost to businesses
01:04 for cybercrime incidents. If we take small businesses as an example, back in 2020-2021,
01:11 the average cost of a cybercrime incident was around $30,000. That has now lifted to
01:16 $46,000 in the last financial year. It is a fairly sobering set of statistics that ASD
01:22 is presenting there. At the more serious end of the spectrum, the incidences where ASD
01:28 has had to step in and try to tackle cybercriminals as they are undertaking those cyberhacks or
01:34 try to stem the damage that is being experienced by large companies and agencies like that,
01:41 that number of attacks has remained fairly steady at around 1,100 events over the last
01:45 financial year. But instances where there were extreme examples or exceptional compromises
01:52 of sensitive data have risen from two to five incidents in the last financial year. When
01:58 we talk about those more serious occasions or those more serious examples of hacking,
02:03 a lot of the attention goes to whether or not they are state-backed. ASD this morning
02:08 is pointing the finger at China as the main backer of state-sponsored cybercrime. There
02:14 is daylight between China and the next country on their list, which is Russia and then to
02:18 a lesser extent Iran. This presents something of a conundrum for the government at a time
02:23 when it is trying to stabilise its relationship with Beijing but also having intelligence
02:28 agencies call out China's behaviour in this space. A point not lost on the Deputy Prime
02:33 Minister and Defence Minister, Richard Miles, earlier today.
02:37 The relationship with China is complex. We have made that point from the very start.
02:43 That's actually why we need to be making sure that our diplomacy is excellent with China
02:48 and that we stabilise the relationship. But we've never pretended that this relationship
02:56 is easy. Matthew, why are intelligence agencies concerned
03:00 about the level of cooperation from some companies? Well, Karina, there is a fear that some companies
03:06 are effectively lawyering up before they go to ASD to alert them of a cyber incident.
03:11 They're concerned that if they hand over too much information to the digital spy agency
03:16 that that information could be used against them later on in a class action in court,
03:21 for example, or by other regulators who are pursuing those companies for allowing data
03:26 breaches to occur. The situation facing ASD is that they have asked the federal government
03:32 to consider new powers that would effectively ring-fence information the agency is given.
03:37 So a company can come to them, put everything on the table and say, "This is the set of
03:41 circumstances we're facing. Please help," and then not fear that that information is
03:45 going to be used for other purposes later on. It's a model that is used in the United
03:50 States and something that the federal government has said it is considering because it wants
03:54 to boost confidence in ASD and also boost that level of cooperation to ensure that cyber
04:00 attacks are tackled as soon as they eventuate.
04:03 [BLANK_AUDIO]
Comments