Australia’s domestic spy chief has urged Australia to “wake up” after espionage costs reached $12.5 billion in the 2023-24 financial year.
The Cost of Espionage report, released Friday by the Australian Security Intelligence Organisation (ASIO) and Australian Institute of Criminology (AIC), measured the direct costs of espionage in Australia, including cyberattacks, insider threats and intellectual property theft for or by foreign governments.
Combined with the indirect costs of countering and responding to such threats, espionage reportedly bled Australia of at least $12.5 billion in the 2023-24 financial year alone.
Speaking at the Adelaide Convention Centre on Thursday, ASIO director-general Mike Burgess defined espionage as the “theft of Australian information by another country that is seeking an advantage over Australia”.
Burgess said nearly $2 billion of the estimated losses were a result of “foreign cyber spies” stealing trade secrets and intellectual property from companies and businesses.
The report found state-sponsored cybersecurity incidents – such as malware infection and unauthorised device access – cost medium and large businesses up to $1.19 billion, while government costs from cybersecurity incidents were omitted due to the use of classified data.
“I believe that we need to wake up to the cost of espionage – which is more than just financial,” said Burgess.
“We need to understand espionage is not some quaint, romantic fiction; it’s a real, present and costly danger.”
A conservative estimate
Nalin Arachchilage, associate professor in cybersecurity at RMIT University, said the $12.5 billion figure may sound “eye-watering” at first, but it’s actually “quite believable”.
“It includes both the direct costs of known [espionage] and indirect costs, such as securing networks, incident response, and rebuilding trust,” he said.
“Quantifying those costs to the dollar is nearly impossible because much of the damage is invisible – including lost trade secrets, competitive disadvantage, and national security exposure.”
Indeed, Burgess said the AIC “deliberately chose to be conservative” and strictly modelled costs it could confirm and calculate.
“The potential loss of strategic advantage, sovereign decision-making and warfighting capacity hold immense value, but not a quantifiable dollar value,” he said.
The AIC also estimated Australia’s counter-espionage efforts may have prevented ‘tens of billions of dollars’ of additional costs to the economy.
Adversaries want to recruit elected officials
Burgess emphasised Russia was a persistent espionage threat, citing the arrest of two Russian-born Australian citizens who were charged with an espionage-related offence last year, and the removal of numerous undeclared Russian intelligence officers from Australia in 2022.
ASIO says Russia poses a persistent threat to Australia. Photo: Shutterstock
The spy chief said other “obvious candidates” in China and Iran were still “very active”, while his foreword in the report warned even ‘friendly’ countries were ‘targeting anyone and anything that could give them a strategic or tactical advantage’.
“You would be genuinely shocked by the number and names of countries trying to steal our secrets,” said Burgess.
He added foreign spies were aiming to “recruit to their own cause” Australia’s elected officials, community leaders, public servants, military, industry leaders, and academics – while ASIO carried out 24 major espionage and foreign interference disruptions in the last three years.
In one incident, spies got their hands on documents related to free trade negotiations by recruiting a “security clearance holder”, while another incident saw foreign intelligence agents applying for government jobs to get access to classified information.
Other espionage goals included scouting out Australia’s defence capabilities and mapping the nation’s critical infrastructure for “potential sabotage if regional tensions boil over".
Foreign intelligence services had taken a particularly “unhealthy interest” in military capabilities associated with the AUKUS project, Burgess added.
“Defence is alert to these threats and works closely with ASIO to counter them,” he said.
Sensitive data is a target on your back
Burgess said foreign intelligence services were also broadening their targets to the sciences and technology and were trying to gain commercial advantages by scouting public and private sector projects, negotiations and investments.
This included Australia’s leading research in the Antarctic, as well as green technology, critical minerals and rare earths extraction and processing.
Academics, “business people” and journalists were also deemed potential targets of foreign spies who either conduct in-person coercion or steal sensitive data by hacking.
“In the current environment, nobody with sensitive information is immune,” said Burgess.
Indeed, Burgess emphasised an incident where spies “convinced a state bureaucrat” to log into a database and obtain personal details of dissidents to their foreign regime, while another spy tried to gain employment at a media outlet to surreptitiously shape its reporting.
On YouTube, the spy chief urged those holding sensitive information to be “alert”, “discreet” and “sensible”, and to refrain from posting about their level of access on social media.
Arachchilage told Information Age even “small startups working on cutting-edge tech” weren’t immune.
“If it’s valuable or strategic, it’s a target,” he said.
Vaughan Shanks, chief executive of Melbourne-based incident response vendor Cydarm Technologies, said although espionage threats are “persistent” and can have “vast resources at their disposal”, good cybersecurity hygiene can still be effective.
“There are many businesses that are naive to the threat or just assume the adversary is so sophisticated that resistance is futile,” said Shanks.
“More often than not they just log in with stolen or default passwords.
“By following the advice of the Australian Cyber Security Centre, businesses can achieve defence in depth and be hardened against foreign espionage.”
