Cyber Threats on the Rise: Healthcare & Finance Sectors Hit Hardest

A recent report from cybersecurity firm CyberCX has revealed the most impacted Australian industries for cyberattacks in 2024:

1. Healthcare – 17% of all attacks
2. Financial Services – 11% of all attacks
3. Education – 8% of all attacks

These industries hold vast amounts of sensitive personal data, making them prime targets for cybercriminals.

The report also highlights that almost half of Australia’s population have had their own data stolen. Many Australians were impacted by theft of data in April 2024, when electronic prescription provider MediSecure had a cyber-attack. Just two months after the attack, the company went into administration – demonstrating the potential devastating financial and reputation impact of cyber breaches.

Key Cyber Threats in 2024

Cyber CX identified Business Email Compromise (BEC) as the top cyber threat. This is where attackers send fraudulent emails to deceive employees into transferring funds or sharing confidential information. Other leading attack methods included unauthorised access and cyber extortion.

Concerningly, cyber espionage attacks were found to have been going undetected for an average of more than 400 days, allowing hackers prolonged access to sensitive systems.

Another takeaway from the report is the importance of understanding your third-party service providers and where your data is stored. Many businesses mistakenly assume they are safe from cyberattacks if a third party is breached. However, these incidents can still lead to data leaks and operational disruptions which may result in lost income, loss of customer trust, and even potential liability claims against the business.

CyberCX’s Recommended Actions

To strengthen cybersecurity resilience, CyberCX recommends the following steps:

1. Identifying likely threats and attack methods
2. Ensuring security systems and cloud configurations are up to date
3. Monitoring access controls and user activity
4. Detecting and responding to anomalous behaviours
5. Aligning risk settings with industry standards
6. Regularly testing for vulnerabilities
7. Developing a long-term cybersecurity strategy
8. Preparing an incident response plan, including communication protocols.

With cyber threats growing in scale and sophistication, cybersecurity is no longer just an IT issue, it’s a business-critical priority to protect your data, customers and operations. If you would like to learn more, please contact us here.

This communication is for general information purposes only and does not take into account any specific individual’s or business’s objectives, financial situation or needs. Before acting on any of the information provided herein, you should consider how it applies to your specific circumstances and contact an insurance broker and / or other appropriately qualified professional to discuss. Any advice given on what is or is not covered under any specific insurance policies is general only. You should always refer to the relevant PDS and policy wording to determine whether the coverage is appropriate for your individual circumstances.

Author: Olivia Taylor

References:

Cyber CX 2025 Threat Report  https://connect.cybercx.com.au/dfir-threat-report-au-2025

Please contact one of our advisers if you would like further information on this article.