This is the first report in the Cybercrime in Australia series, which aims to provide a clearer picture of the extent of cybercrime victimisation, help-seeking and harms among Australian computer users. It is based on a survey of 13,887 computer users conducted in early 2023. In the 12 months prior to the survey, 27 percent of respondents had been a victim of online abuse and harassment, 22 percent had been a victim of malware, 20 percent had been a victim of identity crime and misuse, and eight percent had been a victim of fraud and scams. Overall, 47 percent of respondents experienced at least one cybercrime in the 12 months prior to the survey—and nearly half of all victims reported experiencing more than one type of cybercrime. Thirty-four percent of respondents had experienced a data breach. Cybercrime victimisation
was not evenly distributed, with certain sections of the community more likely to have been a victim, and certain online activities associated with a higher likelihood of victimisation.
Most cybercrime victimisation went unreported to police or to ReportCyber, meaning official statistics significantly underestimate the size of the problem. Satisfaction with the outcomes of these reports was mixed, and relatively few reports resulted in an offender being apprehended. Rates of help-seeking varied and were influenced by the perceived seriousness of cybercrime and knowledge of how and where to report it.
The financial losses experienced by victims were wide ranging. Some victims reported losing large sums of money, but most victims reported relatively small financial losses. This report measures, for the first time, the harms experienced by individual victims and small businesses that extend beyond these financial costs. Twenty-five percent of respondents were negatively impacted by cybercrime in the 12 months prior to the survey, while 22 percent of respondents who owned or operated a small to medium business said their business was negatively impacted by cybercrime.