The Australian Federal Police (AFP) is drawing attention to a new report from the Australian Institute of Criminology (AIC) that shows a significant proportion of Australians who experience cybercrime – particularly scams and fraud – are likely to be targeted again.
The Cybercrime in Australia 2024 report, released by the AIC, provides detailed insights into the prevalence of “poly-victimisation,” where individuals are subjected to more than one type of cybercrime within a year.
According to the report, 42.1% of cybercrime victims in Australia experienced two or more types of cyber incidents in a single year.
Additionally, 6.6% of those surveyed reported being affected by all four main types of cybercrime:
The AIC’s findings indicate that individuals who have been victims of fraud and scams are especially vulnerable to further cybercrime.
Data shows that 80% of those who experienced fraud or scam-related incidents also encountered at least one other form of cybercrime within the same year.
This trend suggests that once a person’s information or system is compromised, cybercriminals may continue to exploit the vulnerability through various methods.
AFP Cyber Commander Graeme Marshall said the report underscores the need for ongoing vigilance.
“People who fall victim to one type of cybercrime are often at higher risk of being targeted in another way,” he said. “If they find a vulnerability, whether that’s a weak password, outdated software, or a compromised email, they’ll come back again and again – often in different ways.”
The report also highlights that the effects of cybercrime are compounded for those who experience multiple types of incidents.
Victims who reported three or more types of cybercrime were at least three times more likely to experience negative health, financial, or legal outcomes compared to those targeted by only one type.
The likelihood of practical impacts, such as time spent on recovery or implementing new security measures, rose to nearly two-thirds among those affected by all four types.
Social impacts, including disruptions to relationships and community involvement, also increased with the number of incidents.
AIC Deputy Director Rick Brown pointed out that younger Australians, particularly those aged 18 to 34, are disproportionately affected by poly-victimisation.
“Victims who seek support and guidance after experiencing cybercrime are often more likely to adopt online safety measures that help prevent future victimisation,” he said.
The AFP and AIC continue to collaborate with industry, government, and community stakeholders to address the risks associated with cybercrime.
For insurance professionals, these findings highlight the importance of proactive client education and thorough cyber risk assessment.
Insurers may need to consider the increased likelihood of repeat incidents when evaluating claims and developing cyber insurance products.
The agencies recommend several steps to reduce cybercrime risk:
Insurance professionals are encouraged to promote these practices among clients and staff, and to remain alert for signs of cybercrime affecting policyholders.
Suspicious activity should be reported through ReportCyber, and immediate threats should be directed to emergency services.
