Aussies Face Reduced Cybercrime Risk, as Pressure Shifts to SMBs

Australians have reason to feel cautiously optimistic about their cybercrime woes. According to a recent survey conducted by the Australian Institute of Criminology (AIC), individuals in Australia experienced fewer cybercrimes in 2025 compared to the previous year, with relatively few consequences from those that did occur. However, this silver lining comes with a caveat: small and medium-sized businesses (SMBs) are shouldering a disproportionate burden of cybersecurity risks.

The survey, which polled over 10,000 Australians, revealed some encouraging trends. Cybercrime rates declined overall, and the financial costs associated with these crimes were relatively low. In fact, only 26.4% of surveyed individuals reported being victims of cybercrime in 2025, down from 28.8% in 2024. Furthermore, most victims (76-86.5%) reported losing less than AU$1,000 (approximately US$690) due to these incidents.

Despite these positive indicators, it’s essential to note that the survey also revealed a concerning trend: fewer Australians are taking personal cybersecurity precautions. For instance, fewer respondents said they used antivirus software or firewalls on their devices, or employed different passwords for various online accounts. Additionally, there was a slight decrease in individuals checking their privacy settings and running regular antivirus scans.

This paradox highlights a significant shift in the way cyber protection is being approached. “Protection is shifting upstream, into the platforms, telcos, and devices people already use every day,” says Brian Long, CEO of Adaptive Security. This means that companies are taking on more responsibility for safeguarding their users’ data, implementing measures such as browser sandboxing, automatic patching, and account monitoring.

However, this shift also creates new vulnerabilities. As Justin Allen, senior manager of security operations at Huntress, explains: “If attackers cannot reliably break the system, they try to work around it by manipulating the person.” This is why social engineering tactics are becoming increasingly prevalent, targeting individuals who may be more susceptible due to their lack of cybersecurity awareness.

The consequences for SMBs are particularly dire. With fewer resources and less expertise compared to larger corporations, these businesses are often ill-equipped to handle the fallout from cybercrimes. According to the survey, 58.8% of victims experienced some form of consequence, including financial losses, health issues, social impacts, or legal repercussions.

Ultimately, this report serves as a reminder that cybersecurity is no longer solely the individual’s responsibility. While personal precautions are still essential, companies must also step up and take proactive measures to protect their users’ data. As the cyber threat landscape continues to evolve, it’s clear that the line between personal and institutional cybersecurity has blurred – and businesses will need to adapt accordingly.

To minimize your risk in this new landscape, consider the following: don’t rely solely on your antivirus software or operating system for protection; instead, look for companies that offer robust security measures as part of their services. Be cautious when interacting with online platforms, especially if you’re using public Wi-Fi. And remember that social engineering tactics can be just as effective as technical exploits – so stay vigilant and educate yourself about the latest cyber threats.


Source: Dark Reading — 2026-07-02