Fewer Australians used basic online safety strategies in 2024, leaving researchers concerned “there may be some apathy or even defeatism creeping in”, according to the government's criminology agency.
Researchers at the Australian Institute of Criminology (AIC) previewed unreleased data from the 2024 Cybercrime in Australia survey at the agency’s official conference in Canberra this week.
The study, which surveys a minimum of 10,000 Australians who are representative of the wider population, found while protective security behaviours dropped slightly in 2024, researchers were not yet sure why.
While the research found more Australians reported using a secure password manager in 2024 compared with 2023, fewer reported using simple techniques to improve their online safety, potentially leaving them at higher risk of falling victim to cybercrime.
Fewer respondents checked or changed their privacy settings on social media, installed or used antivirus software, or used parental controls on the devices of their children, according to the AIC.
Fewer Australians also reported avoiding clicking links from unknown senders, or contacting organisations directly if they were skeptical of an email or message they received.
'The short answer is we don't know what's happening'
The AIC study typically examines four broad categories of cybercrime: online abuse and harassment, malware, ID crime and misuse, and fraud and scams.
Anthony Morgan, a research manager at the AIC, told the agency’s conference on Tuesday that researchers were not sure why fewer Australians appeared to be taking steps to protect themselves from such crimes.
“The short answer is we don’t know what’s happening, but respondents were not taking important but simple steps to improve their online safety,” he said.
“… The worst-case scenario is that there may be some apathy or even defeatism creeping in, and computer-users becoming less vigilant online.”
Australia has experienced a rise in ransomware attacks and a spike in major data breaches in recent years, with cyber incidents involving the likes of Optus, Medibank, Latitude Financial, MediSecure, and Australian Clinical Labs leaving millions of people more vulnerable to cybercrime.
The AIC also found there was a drop in Australians checking or updating their social media privacy settings last year, which could be related to the survey finding Australians used such platforms less frequently in 2024, Morgan said.
“Similarly, the decrease in the proportion of respondents who verified the details of organisations that had contacted them, or who had avoided clicking links from people they didn’t know, may be because of the efforts that have been taken by government and the private sector to block scammers from reaching potential customers or victims, thereby reducing the need to take preventative action,” he said.
AIC research manager Anthony Morgan speaks at the 2025 AIC Conference in Canberra. Photo: Supplied
Rise in cybercrime's 'real-world harm'
While the AIC’s 2024 survey found a slight increase in cybercrime victims seeking help from authorities, there was also an increase in social and health impacts from cybercrime, including victims having difficulty sleeping or using drugs and alcohol, Morgan said.
Some respondents reported they were embarrassed, had their reputation damaged, or lost their trust in people following their experience.
“While these are still relatively rare harms, cybercrime causes real-world harm to victims beyond the immediate financial losses,” Morgan said.
Overall rates of help-seeking remained relatively low in 2024, which Morgan said meant the data “still significantly underestimates the scale of the problem”.
“We found that around one in 10 victims made an official report to either police or [the government reporting tool] ReportCyber,” he said.
“... This is despite the fact that many victims experienced both financial and non-financial harms from cybercrime.
“This includes individuals and also small and medium businesses, who continue to report a wide range of harms to their business from cybercrime.”
While cybercrime victims who sought help may be more likely to implement strategies to keep themselves safe online, many people were still not sure how to report a cybercrime, or were worried their experience was not serious enough, Morgan added.
AIC researchers did not share results about how different demographics protected themselves online, but Morgan said the narrative that older people were overwhelmingly the ones falling victim to cybercrime “just doesn’t play out in the self-reported data”.
The AIC is expected to survey parents about their perceptions of Australia’s forthcoming under-16s social media ban in the coming months.
The agency said it had received support to conduct its Cybercrime in Australia survey again in 2025 and 2026.
