Australia leads world in costly, rising ransomware toll

Australian organisations reported the highest rate of ransomware attacks in the world this year and almost all paid their extortion demands, according to new research from Rubrik Zero Labs.

The study found that 35 per cent of cyberattacks against Australian organisations involved ransomware demands. These attacks either sought payment for decryption keys or threatened to leak data publicly.

Rubrik Zero Labs is the research unit of data security and AI operations firm Rubrik. The findings are based on a global survey of 1,625 IT security decision-makers in large organisations.

Australia also recorded one of the highest rates of ransom payment. Of Australian organisations that experienced a ransomware attack in the past 12 months, 95 per cent said they paid. Only Singapore reported a higher rate, at 97 per cent.

Rubrik said this payment pattern appears to be a factor in Australia's status as a frequent target. Attackers often focus on environments where victims have a track record of paying. The report links this with the elevated rate of ransomware incidents in the country.

AI agents in focus

The study highlights growing concern in Australia about identity-driven attacks. These attacks focus on hijacking or abusing user accounts, system credentials, or machine and agent identities.

Among Australian security leaders surveyed, 98 per cent ranked identity-driven threats as their top concern. This was the highest level of concern reported in any country covered by the research.

AI adoption is a major factor. The report found that 99 per cent of Australian organisations have integrated or plan to integrate AI models or AI agents into their identity infrastructure.

AI agents can perform tasks and access systems on behalf of users or business processes. If attackers compromise these agents, they can reach sensitive systems and data at speed and scale.

"AI agents are a force multiplier - the only question is whether that force is positive or negative," said Kavitha Mariappan, Chief Transformation Officer, Rubrik. "When compromised and used maliciously, AI agents can cause 10 times the damage in one-tenth of the time. We've already seen the impact compromised human identities can have, and it's clear agentic identities are the next frontier."

Ransomware pressure

The report describes ransomware as a persistent problem for Australian organisations. It notes that traditional security tools and approaches often fail to contain the impact of an attack.

"The figures in this report underline a sobering reality - ransomware remains one of Australia's most persistent and costly cyber threats. Traditional defences clearly aren't enough," said David Rajkovic, Vice President, Rubrik A/NZ. "It is critical for Australian organisations to adopt a proactive security posture, one that prioritises rapid recovery, because paying ransoms only fuels the criminal ecosystem."

Despite the high rate of ransom payments, Australian organisations still reported long recovery times. None of the Australian respondents that suffered a ransomware incident said they could return to normal operations in under an hour.

Almost a quarter of affected organisations said recovery took more than 24 hours. The study also found no Australian organisation believed it could restore full service operations in under 12 hours after a severe incident.

More than a third of respondents, 34 per cent, said it would take at least a week to restore full operations. The report states that, for many, the most complex and time-consuming work sits in rebuilding or securing identity infrastructure.

More than three quarters of Australian organisations, 78 per cent, said it would take them more than 24 hours to recover their identity infrastructure after a compromise. This includes restoring directories, access controls and authentication systems.

Security investment gap

The research suggests Australian organisations are expanding their use of cloud and software-as-a-service platforms. Australian respondents reported a stronger shift toward cloud and SaaS than any other country in the study, at 88 per cent.

Organisations are also planning changes to their workforce. The report found that 92 per cent of Australian respondents aim to hire professionals with responsibility for digital identity management or improvement.

Rajkovic said the findings show a country that is pushing ahead with data and AI initiatives while still working through how to secure them.

"The report highlights a nation that understands the threats and is keen to forge ahead with innovation, but unfortunately our nation lacks investment into appropriate security controls," said Rajkovic. "To prevent innovation from outpacing risk management as organisations adopt AI, mechanisms to monitor and audit agentic actions, enforce real-time guardrails for agentic changes, fine-tune agents for accuracy and, finally, undo agent mistakes will be critical."

The survey covered organisations with at least 500 employees in the US, Europe and Asia-Pacific and included a mix of directors, vice presidents, CIOs and CISOs.