This Isn't Just a Warning!
It's Already Happening

Estimated Exposure: 223,000 patients. $5.8 million penalty.

What Happened: Australian Clinical Labs got breached in 2022. Hackers walked through the front door — no multi-factor authentication, firewall logs kept for only one hour, no proper incident response plan. 223,000 patient health records stolen. Medication histories that reveal mental illness, fertility treatment, gender transition. All posted for sale on the dark web. The Federal Court didn’t just fine them — they broke it down: $4.2 million for not securing data. $800,000 for not investigating. $800,000 for not reporting it fast enough. First civil penalty ever imposed under the Privacy Act. The court said they “failed to act with sufficient care and diligence.”

Message: Australian regulators: ignorance is not a defence. Negligence has a price tag.

Source: Federal Court of Australia [2025] FCA 1224, OAIC prosecution

Estimated Exposure: The AI Attack Explosion — Australia Is Getting Hit Harder Than Anyone

What Happened: 36% of all cyber attacks against Australian businesses in 2024 were AI-generated. That’s a higher rate than the US and UK. Ransomware incidents surged 149% in early 2025. 80% of ransomware attacks now use AI tools. One in five Australian SMBs that got hit filed for bankruptcy or closed permanently.
54 billion malicious requests blocked by Wordfence in one year — billion, not million. 84,700 cybercrime reports in Australia per year. One every six minutes. Average cost per SMB incident: $56,600. That’s a new ute. The internet hasn’t lit up yet. The 5 million professional scammers haven’t found the AI
tutorials on YouTube. When they do, these numbers won’t rise. They’ll detonate.

Source: Cyble Threat Intelligence Report 2024

Estimated Exposure: 114 organisations hit across 3 continents. Still active.

What Happened: I writes the malware. Every variant is unique — never been seen before, so antivirus software can’t detect it. Disguised as legitimate software. 114 organisations hit. Manufacturing, government, and healthcare. Campaign still running. AI finds the targets. AI writes the code. AI deploys the attack. AI moves to the next target. Thousands per hour. No human required. The internet hasn’t lit up yet. This is the spark.

Source: Trend Micro Research, Sept 2025

Estimated Exposure: 34 GB exfiltrated, 3-day total shutdown

What happened: Sarcoma ransomware. 34 GB taken. Three-day complete shutdown. Their FOURTH cyber incident. Same company. Four times. They got hit, cleaned up, got back to work. Got hit again. Because they never actually locked the doors. Once you’ve been breached you go on a list. Other groups buy that access.  Without proper hardening and ongoing monitoring, you’re just waiting for the next one.

Source: Cyber Daily exclusive, Nov 2024

Estimated Exposure: Full client data published on dark web – even crypto wallets!

What Happened: Perth-area family law firm hit by Anubis ransomware. The attackers didn’t just encrypt and demand money. They moved in. Lived inside the systems long enough to copy everything. Divorce records. Superannuation forms. Crypto wallets. Tax data. Then published it all. Every Perth business owner who’s ever used a family lawyer can picture their own files up there.

Source: Cyber Daily / Lawyers Weekly, 2025

Estimated Exposure: €220,000

What happened: The employee received a phone call from the CEO. Sounded exactly like him. Tone, pacing, everything. Requested an urgent €220,000 wire transfer. The employee authorised it immediately. It was AI-generated audio cloned from publicly available recordings. Your voice is on your voicemail. On your website. On every Zoom you’ve ever been on. “Hey mate, transfer $15K to the supplier, I’m driving, sort the paperwork later.” That’s all it takes. And it sounds exactly like you.

Source: Wall Street Journal / Trend Micro, 2019