Sophisticated state and criminal actors are striking more frequently, with a cyber crime being reported every seven minutes, down from eight.
The Australian Cyber Security Centre received more than 76,000 reports in the last financial year, a 13 per cent increase from the year before.
Publicly reported software vulnerabilities also jumped 25 per cent.
Almost $100 million has been lost to Australians having compromised email systems, an average of $64,000 for each reported instance.
This includes criminals sending emails pretending to be a business to solicit payments, such as a real estate agent requesting a deposit.
The average loss for a small business is $39,000, and this increases to $88,000 for medium ones.
The average loss was highest in Western Australia at $112,000 and lowest in the Northern Territory at $26,000.
The average loss in NSW was almost $70,000 and all other states and territories sat around $50,000.
But the most at risk are commonwealth and state government systems, making up more than a third of all cyber incidents.
Health systems were the next big targets, mainly due to cyber criminals attacking vulnerable businesses that are more likely to pay ransoms to access their data back.
The security centre's head Abigail Bradshaw said cyber threats were constantly evolving and targeting the nation's critical infrastructure more frequently.
"We've also witnessed the continued commercialisation of malicious malware and cyber crime tools which have fed a growing network of cybercrime and gangs," Ms Bradshaw said.
"And of course, the weaponisation and monetisation of sensitive stolen data."
The centre blocked more than 24 million malicious domain requests, took down 29,000 attacks against Australian services and responded to 185 ransomware movements, which was a 75 per cent increase.
It was also involved in five successful operations taking down online criminal marketplaces and foreign scam networks.
16°C