The first half of 2025 (H1 2025) has seen a marked escalation in cyber threats across Australia and New Zealand, with ransomware activity showing a significant year-on-year increase.
A global survey commissioned by Arctic Wolf found that 45% of IT and cybersecurity leaders in Australia and New Zealand view intellectual property protection, data privacy, and regulatory compliance as their main security priorities for the coming year. This contrasts with global trends, where AI adoption is the primary focus.
The survey also revealed that 85% of organisations in the region experienced at least one cyber incident in the past year, compared to a global average of 76%.
Firms in Australia and New Zealand were also more likely to pay ransomware demands, with nearly three-quarters admitting to making payments to prevent data exposure. Of those, 91% worked with external negotiators, although fewer than half achieved a reduction in ransom amounts.
According to recent research from Cyble, ransomware incidents in Australia reached 57 cases during H1 2025, while New Zealand reported seven.
The sectors most frequently targeted included healthcare, financial services, education, and critical infrastructure, highlighting the broader implications for both economic and national security.
Threat actors have shifted their focus and tactics over the period. The first quarter saw Sarcoma and Safepay as the most active groups, but Akira, Lynx, and INC Ransom became more prominent in the second quarter.
In New Zealand, DragonForce was responsible for a third of ransomware incidents.
The manufacturing industry was a particular focus for Akira, while healthcare remained the most affected sector overall, followed by construction and professional services.
Double extortion tactics, where attackers both encrypt sensitive data and threaten to leak it, have become more common.
The average ransom demand in the region now exceeds US$750,000, with small and medium-sized enterprises (SMEs) and healthcare organisations among the most impacted.
Phishing attacks in Australia and New Zealand have become more sophisticated with the adoption of artificial intelligence by cybercriminals.
These attacks increasingly involve impersonation of government agencies for tax and regulatory scams, as well as targeted spear-phishing campaigns aimed at senior executives.
The use of workplace collaboration tools, such as Slack and Teams, for phishing attempts has also grown, introducing new risks for organisations.
Cyble recommends that businesses move beyond traditional security awareness training. Instead, dynamic simulations that reflect the latest AI-driven social engineering tactics are necessary to help employees recognise and respond to evolving threats.
Incidents involving IT and software supply chains have increased, with Cyble’s data showing a 25% rise in such attacks compared to the previous year.
The monthly average of supply chain-related incidents climbed to over 16, with recent months seeing nearly 25 per month.
Most attacks targeted technology and telecommunications firms, raising concerns about downstream impacts across multiple industries. Only mining and real estate have largely avoided these incidents so far.
Cloud infrastructure security has also come under scrutiny. Misconfigured permissions, exposed databases, and unpatched services are common entry points for attackers.
Cyble’s tools identified over 200 billion exposed files in cloud storage across several major providers.
There has also been a rise in crypto-mining malware exploiting cloud resources, which can result in both financial and operational consequences for affected organisations.
Emerging risks include the use of AI to automate the creation of exploit code and phishing kits, as well as the deployment of deepfake audio and video in business email compromise (BEC) schemes.
Zero-day vulnerabilities in widely used software have also been exploited more frequently, underscoring the need for timely threat intelligence and rapid patching.
Industry leaders are advised to prioritise ransomware preparedness at the executive level, strengthen supply chain risk management, and implement continuous monitoring of cloud environments. Regular incident response exercises and updated response plans are recommended to improve resilience.