Powered by MOMENTUMMEDIA
For breaking news and daily updates, subscribe to our newsletter

1 in 3 Australian organisations hit by ransomware, according to new report

New research highlights rising cyber incidents and growing investment in security, but warns that larger organisations are falling behind.

Fri, 03 Jul 2026
1 in 3 Australian organisations hit by ransomware, according to new report

More than one-third of Australian organisations experienced a ransomware attack or extortion attempt over the past year, according to new research from professional services firm RSM Australia, with larger enterprises disproportionately affected.

The RSM Australia 2026 Cyber Security Report, based on a survey of business and IT leaders from 155 medium and large organisations, found that 35 per cent had been targeted by ransomware in the past 12 months.

Among organisations with more than 1,000 employees, that figure rose to 49 per cent.

 
 

The report also found that one in five organisations suffered a data breach during the same period, despite 97 per cent expressing confidence in their ability to protect sensitive customer information.

RSM partner Ashwin Pal said the findings point to a disconnect between executive confidence and operational reality.

“These statistics should be raising serious questions for boards, executives, and IT leaders,” Pal said.

“Senior management needs to be demanding proof of resilience, through testing, metrics, and independent assurance measures.”

However, the report found that cyber security investment continues to grow, with 91 per cent of organisations expecting to increase their cyber security budgets over the coming year. At the same time, 59 per cent now test their incident response plans at least quarterly.

One of the report’s more notable findings was the performance of mid-sized organisations. Companies with between 201 and 1,000 employees consistently outperformed both smaller and larger businesses across a range of cyber security measures, particularly digital identity management.

“Organisations with 201 to 1,000 employees are leading adoption by a meaningful margin across every identity management measure, including biometric authentication and password-less authentication,” Pal said.

He suggested the decline among larger organisations reflected the challenges of operating at scale.

“This suggests that organisation complexity, increased levels of bureaucracy and rollout friction can erode the effectiveness of security controls,” he said.

The report also found that organisations with more than 1,000 employees lagged in cyber security awareness training and crisis communication planning, despite facing higher levels of cyber risk.

Pal warned that larger organisations should review whether their governance structures and security programs remain effective as operational complexity increases.

You can read the full report here.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.
Tags:

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.