The number of phishing emails received by Australians surged by 30% last year, new research by security firm Abnormal Security has found. Cybercriminals have increasingly targeted the Asia-Pacific region, partly because it is becoming a larger player in critical industries like data centres and telecoms.
For APAC as a whole, credential phishing attacks rose by 30.5% between 2023 and 2024, according to the research. New Zealand saw a 30% rise, while for Japan and Singapore, it was 37%. Out of all the types of advanced email attacks, including business email compromise and malware deployment, phishing saw the biggest increase.
“The surge in attack volume across the APAC region can likely be attributed to several factors, including the strategic significance of its countries as epicentres for trade, finance, and defence,” said Tim Bentley, Vice President of APJ at Abnormal Security said in a press release.
“This makes organisations in the region attractive targets for complex email campaigns designed to exploit economic dynamics, disrupt essential industries, and steal sensitive data.”
SEE: 80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year
Between 2023 and 2024, the median monthly rate of all advanced email attacks rose by 26.9% across all of APAC, including Australia, New Zealand, Japan, and Singapore. This encompassed a 16% increase from Q1 to Q2 2024, and a 20% increase from Q2 to Q3.
While phishing was the dominant attack type, BEC attacks — including executive impersonation and payment fraud — also grew by 6% year-over-year in APAC. According to Abnormal Security, the average cost associated with one successful BEC attack exceeded USD $137,000 in 2023.
Australia’s cyber immaturity and the AI boom are causing a perfect storm
The news that Australia is prone to cyber attack is not entirely new. A Rubrik survey from last year found that Australian organisations reported the highest rate of data breaches compared with global markets in 2023.
Antoine Le Tard, vice president – of Asia-Pacific and Japan at Rubrik, said at the time that Australia was a favourite target partly because the country “is a mature market and early adopter of cloud and enterprise security technologies,” and therefore may have prioritised rapid deployment over