Australia Leads the World in Ransomware Attacks

Australian organisations are facing an unprecedented level of ransomware activity, with new global research

indicating that Australia recorded the highest rate of ransomware attacks worldwide over the past year.

According to a recent study by Rubrik Zero Labs, ransomware was involved in 35 percent of cyberattacks

against Australian organisations, with attackers demanding payment either to decrypt systems or to prevent

sensitive data from being publicly released.

Ransom Payments Fuel Ongoing Attacks

The research also found that 95 per cent of Australian organisations that experienced a ransomware attack

paid the ransom, one of the highest payment rates globally. Only Singapore reported a higher figure.

Cyber security experts warn that this trend contributes to Australia’s continued targeting, as ransomware

groups often focus on regions where victims have a history of complying with extortion demands.

Despite these payments, organisations continue to experience significant operational disruption,

demonstrating that paying a ransom does not guarantee a fast or complete recovery.

Identity-Based and AI-Driven Threats on the Rise

The study highlights a growing shift toward identity-driven cyberattacks, where threat actors exploit

compromised user accounts, system credentials, and machine or AI agent identities.

Among Australian security leaders surveyed, 98 per cent identified identity-based threats as their primary

cyber security concern, the highest level of concern reported across all countries included in the research.

The rapid adoption of artificial intelligence is contributing to this risk. Almost all Australian organisations

surveyed have already integrated, or plan to integrate, AI models or AI agents into their identity infrastructure.

These agents can access systems and perform actions on behalf of users or business processes, making

them highly valuable targets for attackers. If compromised, AI agents can enable attackers to move quickly

across systems, increasing the scale and impact of an incident.

Recovery Times Remain a Major Challenge

Despite high ransom payment rates, recovery times following ransomware incidents remain lengthy for

Australian organisations. None of the Australian respondents reported being able to return to normal

operations within an hour of a ransomware attack. Nearly a quarter said recovery took more than 24 hours,

while over one-third reported that full recovery could take a week or longer.

Identity infrastructure was identified as one of the most difficult areas to restore. More than 78 per cent of

Australian organisations stated it would take over 24 hours to recover identity systems, including directories,

authentication services, and access controls. These findings reinforce the importance of preparedness, staff

awareness, and strong identity management — not just technical controls.

Cloud Adoption Outpaces Security Maturity

The research also shows Australian organisations leading the global shift toward cloud and software-as-a-

service platforms, with 88 per cent reporting increased adoption. While organisations are planning to invest in

digital identity roles and skills, experts caution that innovation is advancing faster than security maturity,

increasing the risk of misconfigurations, access weaknesses, and human-driven security incidents.

What This Means for Australian Businesses

The findings serve as a clear warning for Australian organisations of all sizes. Ransomware is no longer just an

IT issue — it is a business risk driven by human behaviour, identity misuse, and everyday workplace security

gaps.

Reducing ransomware risk starts with:

 Educated and cyber-aware employees

 Strong identity and access practices

 Regular assessment of workplace systems and user behaviour

 Clear incident readiness and recovery planning

How CyberLit Can Help

CyberLit supports Australian organisations in reducing ransomware and identity-based cyber risks through

education-led security solutions.

Our services include:

For organisations seeking to protect against ransomware and strengthen workplace cyber security, please

refer to CyberLit for training and security assessment services.

Contact: info@cyberlit.com.au