Australia’s digital landscape is facing a critical juncture, with a surge in sophisticated ransomware attacks fueled by the rapid adoption of Artificial Intelligence (AI). This is compounded by a concerning lack of preparedness among businesses, turning the nation’s digital infrastructure into a high-value target for cybercriminals.
Recent research paints a concerning picture of the current situation. According to Opentext Cybersecurity, two in five Australian companies have experienced a ransomware attack in the past year, with nearly half of those suffering repeat offenses. This serves as a stark reminder that complacency is a risk businesses cannot afford in the digital age.
The rise of generative AI presents a double-edged sword. While businesses are eager to leverage its capabilities, cybercriminals are equally keen to weaponize it. A recent survey reveals that over half of respondents have observed a spike in phishing and ransomware attacks linked to AI, while 44% report deepfake impersonation attempts. This goes beyond simple spam emails; it signifies the emergence of sophisticated, targeted attacks that are increasingly difficult to detect.
Data leakage is the primary AI-related concern, followed closely by AI-enabled attacks and deepfake scams. The complexity of managing these risks is placing significant strain on security teams, who are struggling to balance innovation with robust protection measures.
The Heightened Phishing Threat
Phishing, a long-standing tactic of deceiving users into revealing sensitive information, has been significantly amplified by AI. Cybercriminals are now leveraging AI to craft more convincing and personalized phishing emails, making it increasingly challenging for even the most vigilant employees to identify the deception. You can learn more about #Phishing and how to protect yourself by following that hashtag on TechDay.
The vulnerabilities extend beyond internal systems, as the supply chain has emerged as a significant point of weakness. Approximately one in four organizations has experienced a ransomware incident originating from a software vendor. This underscores the critical importance of conducting thorough cybersecurity assessments of all third-party providers.
On a positive note, a significant 80% of organizations now incorporate cybersecurity assessments of their software suppliers into their risk management process, and 84% have implemented a structured patch management program. However, these measures must be continuously updated and rigorously enforced to effectively stay ahead of evolving threats.
The growing sophistication of ransomware attacks has finally captured the attention of top-level executives. A substantial 69% of respondents indicated that their executive teams now consider ransomware a top-three business risk. This heightened awareness is a crucial step towards allocating resources and implementing effective security measures.
Furthermore, customer and partner demand for assurance is on the rise, with 64% of organizations having been questioned about their ransomware readiness within the past year. This external pressure further emphasizes the need for robust cybersecurity practices.
“Organisations are right to be confident in their progress in security posture, but they can’t afford to be complacent,” said Muhi Majzoub, Executive Vice President, Security Products, OpenText. “AI fuels productivity while also heightening risk through insufficient governance and its expanding use in attacks. Managing information securely and intelligently is essential to building resilience in organisations of any size.”
Looking ahead to 2026, companies are prioritizing cloud security (59%), user training (52%), and network protection (51%). Regular security awareness training is now standard at most organizations, with only 4% reporting that no such training takes place. However, training is not a one-time event; it needs to be ongoing and adapted to the latest threats.
The challenge for Australian businesses lies in maintaining a proactive stance against cybercriminals. This necessitates a multi-faceted approach encompassing a robust security infrastructure, comprehensive employee training, and a proactive approach to threat detection and response. The goal extends beyond merely protecting data; it encompasses safeguarding reputation, customer trust, and the very future of the business.
As AI continues to evolve, so too will the threats it enables. The battle against AI-powered ransomware is just beginning, and only those who embrace resilience and constant vigilance will emerge victorious.
