Leading IT solutions provider CMTG, is raising concerns following the release of the 2025 Cybercrime in Australia Report by the Australian Institute of Criminology, warning that businesses must prioritise cybersecurity awareness and employee training to safeguard their operations.
The report revealed that nearly half of Australians have fallen victim to cybercrime, yet many small-to-medium businesses are still more likely to turn to police after an incident rather than proactively investing in employee education, external IT support, and a strong cybersecurity strategy.
Carl Filpo, Managing Director at CMTG, stresses that this reactive approach leaves organisations increasingly vulnerable in today’s high-risk digital environment.
“Cybersecurity can no longer be treated as an optional extra or a one-off investment,” Carl said.
“Investing in employee training, up-to-date IT infrastructure, and a comprehensive cybersecurity strategy isn’t optional, its essential to protect business operations, data and reputation.”
The 2025 Cybercrime in Australia Report reported that respondents with incomes between $120,000 and $180,000 had the highest rates of malware attacks, followed by respondents with an income higher than $180,000.
Carl added “These figures are showing high-income earners are particularly vulnerable – now is the time to invest in both technology and training to protect sensitive data.”
“cybercriminals are targeting all individuals and businesses, and organisations need to treat cybersecurity as a strategic priority, not just an IT concern.”
The report also found that in 2024, respondents were less likely than in 2023 to adopt key online safety strategies, while high-risk online behaviours showed little change, highlighting ongoing vulnerabilities in cybersecurity practices.
“These statistics are showing a clear gap in awareness and preparations, particularly among small-to-medium businesses. External expertise can help bridge these gaps and ensure businesses aren’t left exposed,” Carl added.
“Technology alone isn’t enough, employees are often the first line of defence, making it crucial for all staff and business owners to have regular awareness training and strong cyber security strategies in place.”
Carl has further warned that without proactive measures, businesses will not only face financial loss but reputational damage, CMTG is encouraging all organisations to adopt a layered approach to security to mitigate all cyber risks.
