96% of workplaces hit with targeted cyber attacks in past 12 months

A new report has revealed some shocking revelations about how under threat Australian organisations are to cyber attacks.

SoSafe has conducted a Cybercrime Trends Report for 2025, finding that 96 per cent of organisations in Australia have been targeted through personal devices or accounts in the past 12 months – leading to security and privacy issues for employers.

According to SoSafe, it highlights an often-overlooked issue that can arise for organisations, which is the “blurred boundary between personal and professional digital spaces”. With many Australian organisations adopting hybrid working arrangements, personal devices and accounts are often used by workers – opening the door for bad actors to infiltrate.

“While Australian employees disconnect at the end of a workday, cyber criminals do not. Our personal lives are now part of their attack surface, and organisations should prepare as such,” said Jacqueline Jayne, advocate for human-centric security at SoSafe.

“Everyone is at risk. Not only employees and executives but also their families.”

On top of that threat, 96 per cent of organisations were also hit with AI-assisted or driven cyber attacks last year. Organisations that are least prepared for these attacks are, of course, most at risk. This can be common for Australian SMBs, with nearly half (48 per cent), according to the Australian Cyber Security Centre, spending less than $500 on cyber security each year.

With a rise in multichannel attacks being reported by 98 per cent of organisations over the past two years, cyber security has never been more crucial – especially for at-risk SMBs. According to the report, bad actors and cyber criminals are increasingly leveraging a mixture of email, messaging apps, social media, and deepfake voice calls.

“The attack surface for cyber attacks is growing every day – your entire network is now at risk. This goes even beyond direct attacks to a business, as backdoors through third-party vendors also pose a risk,” said Jayne.

Andrew Rose, chief security officer at SoSafe, said: “We see cyber criminals exploiting the blurred lines between personal and professional digital spaces, and this is a concern for organisations [that] see staff being exploited outside their sphere of control.”

“However, by empowering every employee – not just security teams – with the knowledge and tools to recognise and respond to these evolving threats, businesses can build a resilient human firewall.”

“The safekeeping of information and technology is no longer the concern of the IT department as everyone uses these assets every day. As such, cyber security is no longer just an IT problem either – it’s a shared responsibility – and the more we educate, prepare, and strengthen our people, the harder we make it for attackers to succeed.”

As hybrid working arrangements continue to be the norm throughout Australian organisations, it’s imperative that employers ensure they are taking that multifaceted approach to their cyber security by educating their workers.