Medium and large businesses however fared comparably better with their losses shrinking.
Small businesses were hit particularly hard by cybercrime over the last financial year with average reported losses increasing by 8 per cent to $49,615 per incident.
This is according to the Australian Signals Directorate’s (ASD) Annual Cyber Threat Report for 2023-24, which bases its findings on reports made to the agency during the 12-month period.
While small businesses were hit hard, both medium and large businesses fared comparably better, with cybercrime-related losses down 35 per cent to $62,870 and 11 per cent to $63,602, respectively.
On a state and territory basis, the country’s east coast largely suffered the most, with the bulk of reports coming from Queensland with 29 per cent of reports, Victoria with 27 per cent and NSW with 30 per cent. However, the ACT and Tasmania accounted for 2 per cent apiece.
As for the rest of the country, 12 per cent of reports came from Western Australia, 6 per cent came from South Australia and the Northern Territory accounted for just 1 per cent.
NSW however proved to be the most costly state to suffer a cybercrime attack in, with financial losses coming in at around $86,000 per report, followed by Victoria with losses of around $66,000 per report.
Email compromises ranked as the top cybercrime type for businesses reported to law enforcement, making up 20 per cent of reports, followed by business email compromise fraud and online banking fraud, which both came in at 13 per cent each.
The highest ranking industry to report a cybercrime was retail, which was responsible for 15 per cent of reports, followed by professional, scientific and technical services at 13 per cent, construction at 12 per cent, financial and insurance services at 8 per cent and other services at 7 per cent.
In July, the ASD released a warning about the People’s Republic of China state-sponsored cyber group APT40, which used compromise infrastructure, including small-office/home-office devices, to launch attacks.