The Rise of AI in Cybersecurity: New Threats and Defences for Australian Businesses
Australia is under sustained digital attack. According to the Australian Signals Directorate's (ASD) Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report 2024–25, a cybercrime is now reported in this country every six minutes — and artificial intelligence is rapidly making those attacks faster, cheaper, and harder to detect. For Australian businesses of every size, understanding how AI is reshaping both the threat landscape and the defence toolkit is no longer a technical curiosity. It is a business survival issue.
A threat landscape intensifying on home soil
The ACSC responded to more than 1,200 confirmed cyber security incidents in FY2024–25 — an 11 per cent increase on the prior year. Critically, the Centre was forced to proactively notify Australian entities of potentially malicious cyber activity more than 1,700 times during the same period — an 83 per cent jump — because organisations were not detecting intrusions themselves.
The top three cybercrimes reported by Australian individuals were identity fraud, online shopping fraud, and online banking fraud. Business Email Compromise (BEC) remains the costliest cybercrime category for Australian organisations, with threat actors impersonating executives or legitimate suppliers to redirect payments and harvest credentials.
State-sponsored actors — particularly those linked to China and Russia — continue to target Australian government networks, critical infrastructure, and business supply chains, according to the ASD report. Healthcare ransomware incidents doubled in FY2024–25, with malicious actors successfully compromising systems in 95 per cent of health sector incidents the ACSC responded to.
Critical infrastructure warning: Denial-of-Service attacks against Australian critical infrastructure surged 280% in FY2024–25, accounting for nearly a third of all incidents in that sector. Finance (32% of CI incidents) and transport and logistics (26%) were the hardest-hit industries, per the ACSC report.
How AI is supercharging attacks on Australian organisations
Artificial intelligence has fundamentally lowered the barrier to entry for cybercriminals. Tools once available only to sophisticated nation-state actors are now accessible through AI-as-a-service platforms, enabling even low-skilled attackers to launch highly targeted campaigns at scale. The ACSC explicitly flagged AI-generated phishing emails, deepfake voices, and cloned websites as emerging attack vectors making scams increasingly indistinguishable from legitimate communication.
AI-powered phishing and BEC
AI generates grammatically perfect, contextually personalised phishing emails that bypass traditional filters. BEC — already Australia's costliest cybercrime — is being amplified by AI that mimics executive writing styles and references real internal projects. The ACSC reports AI-driven social engineering is increasing the success rate of these attacks significantly.
Deepfake voice and video fraud
Synthetic voice cloning and video deepfakes allow attackers to impersonate CEOs, CFOs, and suppliers in real-time calls and video conferences. In 2024, a multinational firm's finance worker transferred $25 million after a deepfake video call with fabricated executives — a warning that applies directly to Australian finance and professional services firms.
Adaptive and automated malware
AI-assisted malware can now modify its own behaviour to evade endpoint detection tools, while information-stealer malware — highlighted as a growing concern in the ACSC 2024–25 report — exfiltrates credentials and personal data to enable follow-on attacks. Malware-as-a-service models distribute these tools widely across criminal networks.
Automated vulnerability exploitation
AI agents now conduct continuous, automated reconnaissance — scanning Australian organisations for unpatched systems and misconfigurations far faster than defenders can close gaps. The ASD report identifies credential compromise as the most common initial access method in ransomware incidents, often preceded by AI-assisted reconnaissance.
Ransomware remains the dominant disruptor: The ACSC responded to 138 ransomware incidents in FY2024–25 — and 39% of those were detected by the ACSC itself, not the affected organisation. Australia has since introduced a mandatory ransomware reporting regime for businesses with annual turnover exceeding $3 million, signalling that government expects organisations to take far greater responsibility for detection and transparency.
The ACSC's own analysis of the AI threat is clear: threat actors are using generative AI to automate and scale attacks faster than ever before. Modern attacker toolkits, combined with automation, have lowered the skill barrier and accelerated reconnaissance to the point where high-value enterprise targets — previously considered harder to breach — have become significantly more accessible.
Building AI-ready defences aligned to Australian frameworks
The good news is that AI-powered defensive tools are equally capable of operating at machine speed. The ACSC's 2024–25 report urges Australian organisations to adopt an "assume compromise" mindset — treating detection and response capability as just as important as prevention. The following defensive layers are specifically aligned to Australian guidance and the realities of the local threat environment.
Essential Eight compliance — Australia's baseline standard
Developed by the ASD and promoted by the ACSC, the Essential Eight is Australia's nationally recognised cybersecurity framework. In 2026, it has shifted from a recommended guideline to a baseline expectation across government, regulated industries, and increasingly the private sector. It directly affects how insurers assess risk, how government contracts are evaluated, and how clients judge supplier credibility. The framework is mandatory for non-corporate Commonwealth entities under the Protective Security Policy Framework (PSPF).
AI-powered SIEM and 24/7 threat monitoring
Modern Security Information and Event Management platforms use machine learning to correlate log data across networks, endpoints, and cloud environments in real time — catching anomalies that rule-based systems miss. Given that 39% of Australian ransomware incidents in FY2024–25 were detected by the ACSC rather than the victim, organisations without continuous, AI-assisted monitoring are flying blind. MSP-delivered 24/7 SOC services close this gap without requiring in-house security teams.
Phishing-resistant multi-factor authentication (MFA)
The ACSC has specifically updated its 2026 guidance to emphasise phishing-resistant MFA methods — including FIDO2 security keys and passkeys — over SMS-based codes, which can be intercepted via SIM-swapping. Given that credential theft is the leading initial access vector for Australian ransomware incidents, MFA is the single highest-impact control most organisations can implement immediately.
Behavioural analytics and anomaly detection
AI-driven behavioural tools learn what normal looks like for each user, device, and system — and flag deviations such as unusual login locations, unexpected data transfers, or out-of-hours access. This is especially effective against insider threats and compromised accounts, where traditional signature-based tools do not generate alerts because no known malware signature is present.
Automated incident response and recovery planning
The ASD's four critical actions from the 2024–25 report include maintaining tested, offline backups — because the ability to recover quickly is as important as preventing an attack. Automated SOAR (Security Orchestration, Automation and Response) tools accelerate containment from hours to seconds, while pre-tested recovery playbooks ensure operations can resume without paying ransom.
Legacy system replacement and patch management
The ASD explicitly urges Australian organisations to replace legacy technology as one of four critical national resilience actions in its 2024–25 report. With Microsoft ending Windows 10 support, outdated systems represent one of the most immediate and exploitable cyber risks for Australian SMBs in 2026. Timely patching — one of the Essential Eight strategies — directly removes the unpatched vulnerabilities that AI-assisted attackers target first.
The Essential Eight: Australia's cybersecurity blueprint
The Essential Eight, developed by the Australian Signals Directorate, identifies the eight most effective mitigation strategies against the attack methods most commonly observed in Australian incidents. It is structured across three maturity levels — ML1 through ML3 — with most private-sector organisations recommended to target at least ML2. Organisations in critical infrastructure, financial services, healthcare, and government supply chains should consider ML3, given the significant increase in targeted attacks documented in the ACSC 2024–25 report.
Application control — prevent unapproved software from executing
Patch applications — remediate vulnerabilities in a timely manner
Configure Microsoft Office macro settings — block malicious macros
User application hardening — configure browsers and apps securely
Restrict administrative privileges — limit high-risk access rights
Patch operating systems — prioritise internet-facing systems
Multi-factor authentication — phishing-resistant MFA across all systems
Regular backups — tested, offline, and recoverable within defined timeframes
The Essential Eight is not solely a government requirement. Insurers increasingly factor Essential Eight compliance into cyber insurance premiums and eligibility assessments for Australian businesses. Achieving and maintaining compliance demonstrates a documented, ASD-endorsed security posture — reducing both your risk exposure and the cost of coverage.
Practical steps Australian organisations should take now
The ACSC's 2024–25 report is clear: the organisations best positioned for 2026 are those that treat cybersecurity as a business resilience capability — not a checkbox. The cost of delayed detection continues to rise sharply, and AI is widening the gap between organisations with mature security postures and those operating on hope and legacy tools.
Adopt an "assume compromise" mindset. The ACSC explicitly urges this shift. It means investing in detection and response capability — not just prevention. If an attacker is already inside your environment, visibility and speed of response determine whether a minor incident becomes a $202,700 loss.
Align security controls to the Essential Eight. For most Australian SMBs, the Essential Eight provides the clearest, most practical path to baseline resilience. An experienced MSP can conduct an Essential Eight gap assessment and build a prioritised remediation roadmap that addresses your highest-risk exposures first.
Train staff regularly and specifically for AI-enhanced threats. Deepfake voices, synthetic phishing emails, and cloned supplier websites cannot be caught by instinct alone. Staff need to know what AI-augmented attacks look like and have clear verification protocols — especially for any request involving financial transactions or credential changes.
Consider co-managed SOC services if internal capacity is limited. Given that 39% of ransomware incidents in Australia were detected by the ACSC rather than the affected organisation, 24/7 monitoring is not a luxury. MSP-delivered managed detection and response (MDR) services provide enterprise-grade visibility without requiring an in-house security operations team.
AI-powered attackers operate continuously, at scale, and without fatigue. Meeting that threat requires the same: continuous monitoring, adaptive defences, and a partner who understands both the Australian regulatory environment and the evolving threat landscape.
Is your business ready for Australia's AI threat landscape?
We help Australian businesses assess their Essential Eight posture and build a practical security roadmap — no jargon, no obligation.
Book a free security assessment →