What is cybercrime? Types of cybercrime and how to prevent them

Cybercrime affects more businesses each year. During FY 2024-25 the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) answered more than 42,500 calls to the Australian Cyber Security Hotline, up 16% on the previous year. Incidents involving Denial of Service (DoS) or Distributed Denial of Service (DDoS) were up more than 280%. And 11% of all incidents responded to involved ransomware.

Criminals use digital tools to steal information, disrupt systems, or trick people into sending money. Some incidents target large organisations, but many affect small businesses that rely on everyday technology. The impact can be stressful and expensive, especially when it interrupts trading.

Understanding what cybercrime is and how it works helps you protect your business more effectively.

What is cybercrime?

Cybercrime is any criminal activity that involves computers, networks or digital devices. It includes attacks that steal data, damage systems or trick people into sharing sensitive information. Some crimes use malware or ransomware. Others rely on social engineering, where criminals manipulate people rather than technology.

The Australian Cyber Security Centre defines cybercrime as activity carried out through computers or the internet that breaks the law or causes harm. This harm can be financial, operational or reputational, depending on the type of attack. Cybercrime incidents can be reported through ReportCyber, the national platform for cybercrime reporting in Australia.

Who does cybercrime happen to?

Cybercrime can happen to anyone. Criminals target individuals, families, small businesses, community organisations and large companies. Many attacks are automated, which means the criminal does not choose a specific victim. Instead, they scan the internet for weaknesses and attack whatever they find.

Small businesses are often affected because they may not have large IT teams or advanced monitoring tools. The Australian Cyber Security Centre continues to record rising reports from small organisations, which shows that exposure is not limited to major companies. Some industries experience more pressure than others, especially those that handle personal information or depend heavily on online systems.

Types of cybercrime

Cybercrime comes in many forms. Some are simple and some are more complex, but all can interrupt business activity. Businesses may face one type of attack or several at once, depending on how the incident unfolds.

• Phishing: Phishing involves fake emails, text messages or social media messages that appear legitimate. They try to trick someone into clicking a harmful link or sharing information such as passwords or payment details. These scams are becoming more personalised, which makes them harder to spot.
• Ransomware: Malicious software that locks your files or systems. Criminals demand payment to restore access. Recovery can take time and affect day to day business operations.
• Malware infections: Software that damages systems, steals data or spies on activity without your knowledge. Malware can spread quickly if not detected early.
• Business email compromise: Criminals gain access to a business email account and use it to send false invoices or change payment details. These attacks often rely on social engineering.
• Identity and data theft: Criminals steal personal or business information such as customer records, login details or financial data. They may use it for fraud or sell it to others. Data theft can lead to regulatory notifications and affect customer trust.
• Denial of service attacks: Criminals flood a website or server with traffic, causing it to slow or shut down. This can interrupt customer access and reduce sales.

Do businesses need both?

That depends on how the business operates. Many businesses face both types of exposure, even if they are small or work remotely. For example, an IT consultant might face a cyber incident, and a client claims about how systems were managed. These covers address different aspects of that risk.

Choosing the right cover

The right mix of insurance depends on the services you provide, how you work, and what could realistically go wrong. Client contracts may also specify required cover types or limits.