Research shows one in three Australians hacked in last 12 months

On Monday Medibank chief executive officer David Koczkar said the insurer would not be paying the ransom, believing it would likely not prompt the hacker to give the data back and could encourage others to also steal data.

"Based on the extensive advice we have received from cyber crime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers' data and prevent it from being published," he said.

A survey conducted by the Australian National University found of 3,500 adults, 32.1 per cent said they or a member of their household were the victim of hacking in the last year.

The study was done in October, after Optus announced they had been hacked and more than 2 million past and current customers had their personal information, including driver's licence numbers, Medicare numbers and passport details, compromised.

Nearly half of 25 to 34 year olds targeted 

Co-author of the study Professor Nicholas Biddle said the survey showed cyberattacks were one of the fastest growing crimes in Australia.

"As our lives become more and more dominated by data, so too does our exposure to data related crime," Professor Biddle said.

"This is a serious issue that needs serious attention."

He said in comparison to the roughly one in three adults who were impacted by cyber attacks, the survey found "only 11.2 per cent of Australians had been the victim of serious crimes like burglary or assault in the last five years".

The survey also found 25 to 34 year olds were the most likely to fall victim to a data breach, with 41.5 per cent of the cohort saying they have been targeted in the last 12-months.

The ANU study found that almost all Australian adults, 96.2 per cent, believed companies that do not adequately protect consumer data should face significant sanctions.

About 92.8 per cent of Australian adults also thought government regulation of new technologies is crucial for consumer protection and 90.6 per cent thought the government should regulate companies' use of data.

"Breaches like the Optus breach clearly impact on trust in the whole system of data governance, and Australians are crying out for stronger regulation and better protection," Professor Biddle said.

Government to strengthen penalties 

The government has fast-tracked amendments to the Privacy Act in Parliament which will increase the penalty for companies caught in a data breach to a minimum of $50 million.

On Monday, Liberal MP Karen Andrews introduced a motion into the House of Representatives in relation to data breaches.

"The recent, sobering annual threat assessment from the Australian Cybersecurity Centre has documented our deteriorating cyber environment and recognised the safe as a leading domain for warfare and crime including extortion, espionage and fraud," she said.

The annual cyber threat report Ms Andrew refers to stated over 76,000 cybercrimes were reported between July 2021 and June 2022, an increase of 13 per cent from the previous financial year.

The centre also stated a cybercrime was reported every 7 minutes on average, compared to every 8 minutes last financial year.

Financial losses from compromised business emails also increased to over $98 million, an average loss of $64,000 per report.

"The silence from the government on these [Optus and Medibank] breaches has been deafening," Ms Andrews said, defending the previous government's efforts to strengthen cybersecurity.

In response, Peter Khalil, chair of the joint parliamentary committee on intelligence and security, said the Liberal party was "pulling the wool over the Australian people's eyes" by "seeking to assign blame to the new government and minister and avoiding any responsibility themselves".

"They left the door wide open. They left the back door open. The left the windows open," he said.