Australians Are Safer Online Than Last Year — Unless They Run a Small Business
A new government survey found cybercrime fell across Australia in 2025, but small business owners are facing more legal and staffing fallout than ever before.

Key points
- 45.1% of Australians surveyed reported being a cybercrime victim in 2025, down from 47.8% in 2024.
- Fraud and scams rose from 9.7% to 11.1% of respondents in 2025, bucking the overall downward trend.
- One in four small business owners said cybercrime hurt their business in some way during 2025.
- Legal consequences for small business owners hit by cybercrime rose from 5.1% in 2024 to 7.9% in 2025.
- Staffing costs tied to cyber incidents nearly doubled, climbing from 5.9% to 10% among affected small businesses.
Australia had a measurably better year online. That is the headline finding from a survey of 10,593 Australians published this week by the Australian Institute of Criminology — the government body that tracks crime patterns nationally. Overall cybercrime fell. Financial losses stayed modest. For ordinary people at home, the news was largely good.
For small business owners, it was a different story entirely.
Why are small business owners getting hit harder?
Owning a business now carries real legal risk when a cyber incident hits. One in four respondents who owned or managed a small or medium-sized business — the kind with under 200 employees — said cybercrime disrupted their operations in 2025. That much is not new. What is new is the legal and human cost sitting behind it.
Legal fallout from cyber incidents among small business owners jumped from 5.1% in 2024 to 7.9% in 2025. Staffing costs — money spent replacing or compensating staff after an incident — nearly doubled, rising from 5.9% to 10%. The Australian Institute of Criminology suggested that people are losing jobs, or choosing to leave them, because of the pressure these incidents create.
The backdrop matters. Australia's Cyber Security Act now requires businesses to report a ransomware attack — malicious software that locks a company's files until a payment is made — within 72 hours of discovering it. Privacy law reforms have raised the potential penalties for mishandling customer data. Courts are signalling that companies cannot keep their post-incident reviews confidential. All of that pressure flows down to staff, which helps explain both the burnout and the departures.
On the consumer side, the picture was brighter. Online harassment fell from 27.1% to 24.6% of respondents. Identity-related crimes — where criminals steal personal details to impersonate someone — dropped from 22.1% to 20.4%. Between 76% and 86.5% of victims reported losing less than AU$1,000 (roughly US$690).
What is striking is that these gains came even as Australians took fewer personal precautions. Fewer people ran antivirus software (down from 39.3% to 36.2%), used different passwords for different accounts (50.9% to 47.7%), or avoided suspicious links (67.1% to 64.8%). The explanation, according to security professionals quoted by Dark Reading, is that banks, phone providers, and device makers have quietly built more protection into the background — automatic software updates, fraud monitoring, browser safety checks — reducing the burden on individuals.
That shift has limits, though. Fraud and scams rose from 9.7% to 11.1%. Ransomware reports ticked up from 2.5% to 3.1%. When criminals cannot break the technology, they go after the person — fake emails, phone scams, and manipulating staff into handing over access.
If you run a small business, review what your staff would do if they received a suspicious payment request or login alert. The legal and employment consequences of getting it wrong are growing.



