More than 40 per cent of all Australian cybercrime victims fall prey to multiple types of cybercrime in a single year, with fraud and scam victims emerging as the most vulnerable. And it's prompted a critical reminder for Australians to bolster their online safeguards.
In its newly released Cybercrime in Australia 2024 report, the Australian Institute of Criminology (AIC) looked at four key cybercrime types - online abuse and harassment; malware; identity crime and misuse; and fraud and scams.
It found 42.1 per cent of victims were targeted across two or more categories in a single year, with 6.6 per cent victimised across all four.
For AFP Cyber Commander Graeme Marshall, the scope of poly-victimisation underscores the critical need for community awareness and vigilance.
"People who fall victim to one type of cybercrime are often at higher risk of being targeted in another way," Commander Marshall said.
"Cybercriminals don't just move on after one attack. If they find a vulnerability, whether that's a weak password, outdated software or a compromised email, they'll come back again and again - often in different ways.
"For example, someone who loses personal information to an online scam may then be targetted with identify fraud and phishing. This means these crimes are not isolated events; they're often linked, and the impacts can be financial, emotional and deeply personal.
"It's why prevention is not a one-off effort. It needs to be part of everyday habits."
The AIC report found 80 per cent of victims of fraud and scams - defined in the report as one of the four key types of cybercrime - were likely to experience another type of cybercrime within a single year, making them the most vulnerable.
The report also identified a clear correlation between poly-victimisation (experiencing multiple and distinct types of victimisation) and cybercrime-related harm. The report showed that:
Victims who experienced three or more types of cybercrime were at least three times more likely to report health, financial and legal impacts than victims of only one type.
Practical impacts were reported by 57.8 per cent of victims of three types of cybercrime and 63.9 per cent of four-type victims, compared with 31 per cent of single-type victims.
Social impacts rose from 20.2 per cent for single-type victims to 49.7 per cent for those who experienced four types.
AIC Deputy Director Rick Brown said poly-victimisation was particularly prevalent among individuals affected by fraud and scams.
"People aged 18 to 34 are disproportionately impacted, making community education on prevention strategies critically important," Mr Brown said.
"Victims who seek support and guidance after experiencing cybercrime are often more likely to adopt online safety measures that help prevent future victimisation."
The AIC is uniquely placed to provide evidence of who is more likely to fall victim to cybercrime.
The AFP also works collaboratively with law-enforcement partners, government agencies, industry and the public to disrupt cybercriminal networks and equip Australians with the tools to protect themselves.
While financial losses from cybercrime are significant, they represent just one part of its broader cost.
Many victims spend significant time and resources on recovery, whether that's seeking legal advice, addressing emotional distress or installing new cybersecurity measures. Anecdotal evidence also points to fraudulent recovery agents who revictimise those who seek help.
"With prevention serving as the strongest defence, the AFP encourages everyone to take simple steps such as using multi-factor authentication, updating devices and software, and reporting suspicious activity to ReportCyber," Commander Marshall said.
"The earlier we intervene, the better our chances of preventing further harm."
This Cyber Security Awareness Month, Australians are reminded to take action on three simple steps:
1 - Install software updates to keep your device secure.
2 - Use a unique and strong passphrase on every account.
3 - Always set up multi-factor authentication.
If you believe you are a victim of a phishing scam, or see any discrepancies in your bank account, please contact your bank and report the matter to ReportCyber.
We are committed to equipping all Australians with the knowledge and resources to protect themselves against cybercrime.
Watch our cybercrime prevention videos and protect yourself from being a victim of cybercrime.
If there is an immediate threat to life or risk of harm, call 000.
If you are a victim of cybercrime, report it to police using ReportCyber.
