October marks Cyber Security Awareness Month, and this year’s campaign arrives alongside the Australian Signals Directorate (ASD)’s Annual Cyber Threat Report 2024–25, a report that every MSP and reseller should read closely.
The headline is clear: email compromise remains the most reported cyber threat to Australian businesses, accounting for more incidents than any other single attack type. According to the ASD, business email compromise (BEC) fraud now accounts for 15% of all business-related cybercrime, while email compromise without direct financial loss accounts for 19%.
That means one in three cybercrime incidents impacting Australian businesses begins with email. For MSPs and partners, this underscores both a challenge and an opportunity, a chance to translate national-level insights into measurable, customer-facing improvements that harden email defences and strengthen cyber resilience.
And the cost of cybercrime continues to rise as well, up 50% overall at $80,850, with the average self-reported cost of a cyber incident at $56,571 for small businesses (+14%), $97,166 for medium sized businesses (+55%), and $202,691 for larger businesses (+219%).
Average self-reported cost of cybercrime to businesses - Annual Cyber Threat Report 2024–25
(© Commonwealth of Australia 2025, Australian Signals Directorate’s Australian Cyber Security Centre)
Key Findings MSPs Should Note
- Phishing remains the most common entry point
The ASD attributes 38% of all reported incidents to phishing attacks, still the number one “initial access” method for malicious actors. Attackers are increasingly using AI-generated content, QR codes, and impersonation of trusted services to evade detection.
Prevalence of top 10 MITRE ATT&CK techniques in FY2024-25 - Annual Cyber Threat Report 2024–25
(© Commonwealth of Australia 2025, Australian Signals Directorate’s Australian Cyber Security Centre)
For partners, this reinforces the need to implement behavioural and AI-driven detection layers that can identify zero-day and polymorphic phishing attempts before they reach users, especially those that exploit Microsoft 365 trust. - Business Email Compromise is costing more, and hitting faster
The ASD notes a 219% rise in the average cost of cybercrime to large businesses, driven largely by BEC attacks. Small and medium enterprises were also heavily impacted, with reported BEC losses exceeding $97,000 per incident.
These scams increasingly exploit sophisticated social engineering and credential theft, targeting finance teams, executives, and suppliers. MSPs must help clients implement layered defences, not just spam filtering, but real-time content inspection, impersonation analysis, and finance workflow controls. - Ransomware and data extortion are becoming more targeted
Ransomware remains the most disruptive form of cybercrime. The ASD reports 138 ransomware incidents in FY2024–25, many discovered only after proactive contact from ASD itself. Attackers are now combining encryption with data theft and blackmail, targeting both organisations and individuals referenced in stolen data.
Stopping the infection chain at the email layer remains the most effective countermeasure. - AI is amplifying social engineering
The report confirms that generative AI is enabling cybercriminals to scale deception, creating convincing deepfakes, fake KYC records, and hyper-personalised phishing content. Partners should advise clients that awareness training alone can’t keep pace, they need AI defending against AI, enhancing Microsoft 365 native security controls.
- Supply chain and trusted service impersonation are rising
The ASD highlights a growing wave of attacks leveraging compromised SaaS platforms, cloud file shares, and partner domains. Attackers are exploiting the implicit trust that users place in familiar brands like Microsoft, Adobe, and logistics providers.
Partners should guide clients away from over-reliance on “safe sender” lists and instead deploy context-aware inspection that analyses sender behaviour, message structure, and embedded URLs.
These are the top reporting sectors for cyber incidents throughout 2024-25.
Top 10 reporting sectors from incidents reported to ASD's ACSC - Annual Cyber Threat Report 2024–25
(© Commonwealth of Australia 2025, Australian Signals Directorate’s Australian Cyber Security Centre)
Where Email Fits Into ASD’s Broader Picture
The ASD’s data confirms that phishing, credential compromise, and email impersonation are now central to almost every major cyber incident chain, from ransomware entry to identity theft to supply chain compromise.
Yet, the report also underscores a positive truth: basic security hygiene works. Strong MFA, patching, secure backups, and advanced email filtering could prevent most of the 1,200+ incidents ASD responded to last year.
Turning Insight into Action: Partner Recommendations
1. Use Cyber Security Awareness Month to reset the conversationRun ASD-aligned security reviews with clients, mapping their maturity against the Essential Eight. Use this as a natural opportunity to position email threat protection as the fastest, lowest-friction uplift in resilience.
2. Deploy MailGuard to boost native securityEnhance resilience by deploying MailGuard’s AI-powered email security alongside native measures in Microsoft 365, Google and other platfoms, to stop zero-day and AI-driven email threats before they reach users. Microsoft telemetry verifies that MailGuard’s services block emerging threats hours to months faster than Microsoft Defender, Mimecast, and Proofpoint, providing immediate value against the evolving tactics highlighted in the ASD report.
3. Protect against identity and credential theftUse MailGuard to detect phishing pages, QR codes, and credential-harvesting links, while enforcing MFA, conditional access, and least-privilege principles across Microsoft 365 tenants.
4. Own the BEC and ransomware use caseBuild a repeatable managed service that combines advanced email threat protection, finance verification workflows, and quarterly risk reporting. Show customers how your services directly mitigate the risks highlighted in the ASD’s top business cybercrime types.
5. Communicate in business outcomes
The ASD calls for all organisations to “assume compromise” and focus on protecting their crown jewels. Frame your value in the same terms, fewer incidents, reduced downtime, lower recovery costs, and improved cyber insurance eligibility.
A Call to Partners
Cyber Security Awareness Month isn’t just about awareness, it’s about action. The ASD’s findings prove that email remains the most exploited attack vector, but also the most controllable.
As a partner, your role is vital, not just to sell security software but in translating national threat intelligence into everyday business protections, helping your clients close the gap between compliance and true resilience.
Talk to our team. Together, we can make Australia’s inboxes the hardest target of all.Keeping Businesses Safe and Secure
Prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email, makes email an extremely important vector for businesses to fortify.
No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365 or Google Workspace, they should also have a third-party email security specialist in place to mitigate their risk. For example, using a specialist AI-powered email threat detection solution like MailGuard.
For a few dollars per staff member per month, businesses are protected by MailGuard's specialist, zero-day email security. Special Ops for when speed matters! Our real-time zero-day, email threat detection amplifies your client’s intelligence, knowledge, security and defence.
MailGuard provides a range of solutions to keep businesses safe, from email filtering to email continuity and archiving solutions. Speak to your clients today to ensure they’re prepared and get in touch with our team to discuss fortifying your client’s cyber resilience.
Talk to us
MailGuard's partner blog is a forum to share information; we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.
Australian partners, please call us on 1300 30 65 10
US partners call 1888 848 2822
UK partners call 0 800 404 8993
