Aussies Face Reduced Cybercrime Risk, as Pressure Shifts to SMBs

Australians have been breathing a sigh of relief in recent years as cybercrime rates have decreased significantly. According to a survey conducted by the Australian Institute of Criminology (AIC), individuals in Australia experienced fewer cybercrimes in 2025 compared to 2024, with relatively few consequences resulting from these incidents. However, this positive trend is not shared equally among all groups: small and medium-sized businesses (SMBs) are bearing the brunt of increased pressure and risk.

One key factor contributing to the decline in individual cybercrime rates is the shift in protection responsibilities. No longer do individuals bear the sole burden of protecting themselves against cyber threats. Instead, companies that provide essential services, such as banks, phone providers, and browser vendors, have taken on more responsibility for safeguarding their customers’ online security. This includes implementing measures like browser sandboxing, automatic patching, account monitoring, and transaction controls.

The survey results paint a mixed picture. On the one hand, fewer Australians reported being victims of cybercrime in 2025 compared to the previous year. Online abuse and harassment, identity-related crimes, financial account compromise, unsolicited sexual material, and impersonation all trended downwards. Moreover, most victims (76% to 86.5%) experienced minimal financial losses, with only a small percentage losing more than AU$10,000.

However, these positive indicators came despite a marked decline in personal cybersecurity hygiene. Fewer Australians reported using antivirus or firewalls on their devices, spam-filtering software, or different passwords for different online accounts. Additionally, fewer respondents said they avoided clicking suspicious links and attachments.

The consequences of cybercrimes did become more severe for individuals who own or manage businesses, however. Many SMB owners faced legal and staffing fallouts as a result of these incidents. This shift in risk highlights the importance of companies taking proactive measures to protect their customers’ online security.

Justin Allen, senior manager of security operations at Huntress, emphasizes that while personal cyber hygiene is no longer the sole responsibility of individuals, it still matters. “The line has moved,” he explains. “If attackers cannot reliably break the system, they try to work around it by manipulating the person.” Social engineering and relationship-based attacks are increasingly becoming more prevalent as a result.

In practical terms, this means that Australians need to be aware of the risks associated with social engineering tactics and maintain basic personal cybersecurity habits, such as using strong passwords and being cautious when clicking on links or attachments. While companies are taking on more responsibility for online security, individuals still play a crucial role in protecting themselves against cyber threats.

Ultimately, the decline in individual cybercrime rates is a welcome trend, but it also underscores the need for vigilance and awareness among Australians. As companies take on more of the burden of protection, individuals must remain mindful of their own vulnerabilities and take steps to safeguard their online security.


Source: Dark Reading — 2026-07-02