Australian organisations are now placing cybersecurity at the peak of their risk-management agendas, according to the latest Aon plc 2025 Global Risk Management Survey. The study, which included nearly 3,000 risk leaders across 63 countries including Australia and New Zealand, identifies “cyberattacks and data breaches” as the most significant risk facing businesses in the region.
In August 2025 alone, Australia saw some 5,383 malware incidents — averaging 179 per day — and network-based attacks reached 65,074 attempts (around 2,169 daily). This surge has contributed to a growing sense of cybersecurity fatigue, with 78% of Australian respondents reporting burnout among cyber-security teams, according to joint research by Sophos and Tech Research Asia.
Beyond cyber threats, companies flagged regulatory and legislative change as enduring concerns while workforce shortages and weather-related events also entered the top-risk rankings for the first time in Australia. Notably, while geopolitical risk features globally, it did not make Australia’s local top 10 — revealing a distinct risk profile focused on digital, regulatory and operational pressures rather than external geopolitical factors.
For the insurance and risk-management sectors, the findings underscore two imperatives: first, cyber risk must be viewed as a systemic business threat — not just an IT issue; second, firms must integrate cyber risk into enterprise-wide resilience planning rather than rely solely on standalone cyber-policies.
For more details and structured learning, please explore our risk management courses.
