Detection gaps widen as artificial intelligence-fuelled attacks reshape cybersecurity in the region
June 24, 2025 – Fortinet®, the global cybersecurity leader driving the convergence of networking and security, has announced the findings of a new IDC survey that reveals a sharp escalation in both the volume and sophistication of cyber threats across Australia and the Asia Pacific (APAC) region. The study, commissioned by Fortinet, highlights how attackers are rapidly adopting artificial intelligence (AI) to scale stealthy, fast-moving attacks, leaving security teams struggling to detect and respond in time. The results reveal a threat landscape that is both evolving in complexity and shifting toward gaps in visibility, governance, and infrastructure, posing greater challenges to overstretched cyber teams.
AI joins the attacker’s arsenal, and most firms have felt it
- The rise of AI-driven cybercrime is no longer theoretical. Nearly 51 per cent of organisations in Australia said that they have encountered AI-powered cyber threats in the past year. These threats are scaling fast, with a two-times increase reported by 76 per cent of organisations and a three-times increase by 16 per cent.
- This new class of AI-powered threats is harder to detect and often exploits weaknesses in human behaviour, misconfigurations, and identity systems. In Australia, the top AI-driven threats reported include AI-powered malware (e.g., self-evolving, polymorphic malware), AI-assisted credential stuffing and brute force attacks (AI optimising login attack success rates), AI-driven deepfake impersonation in business email compromise, AI-enhanced zero-day discovery and weaponisation, and deepfake-driven social engineering attacks (e.g., voice/video impersonation for fraud).
- Despite the rise in AI-driven attacks, only 32 per cent of organisations say they are very confident in their ability to defend against them. Meanwhile, 15 per cent admit that AI threats are outpacing their detection capabilities, exposing a significant preparedness gap.
Cyber risk is now a constant, not a crisis
- The cybersecurity landscape is no longer defined by episodic crises; it is a state of constant exposure. Organisations in Australia are increasingly vulnerable to threats that operate in the shadows. The most reported threats include denial of service (60 per cent), software supply chain attacks (59 per cent), cloud vulnerabilities (59 per cent), ransomware (56 per cent), and insider threats (51 per cent).
- The most disruptive threats are no longer the most obvious. Topping the list are unpatched (n-day) vulnerabilities and zero-day exploits, followed closely by insider threats, cloud misconfigurations, software supply chain attacks, and human error. These threats are particularly damaging because they often go undetected by traditional defences, exploiting internal weaknesses and visibility gaps.
- The fastest-rising threats include ransomware (20 per cent), supply chain attacks (15 per cent), denial of service (12 per cent), and zero-day exploits and cloud vulnerabilities (10 per cent). These threats are scaling rapidly because they exploit gaps in governance, visibility, and system complexity, making them harder to detect and potentially more damaging when successful.
- The consequences are no longer limited to downtime. The top business impacts of cyberattacks include data theft and privacy violations (47 per cent), loss of customer trust (40 per cent), operational disruption (36 per cent), and regulatory penalties (35 per cent). Financial damage is also real, as 54 per cent of respondents experienced breaches that resulted in monetary loss, with one in three (34 per cent) costing over US$500,000.
Teams under pressure: too few people, too many problems
- Security teams in Australia continue to face significant resource constraints. On average, just seven per cent of an organisation’s workforce is dedicated to internal IT, and only 13 per cent of that subset is focused on cybersecurity. That equates to less than one full-time cybersecurity professional for every 100 employees.
- Only 15 per cent of organisations have a standalone chief information security officer (CISO), and most (63 per cent) continue to combine cybersecurity responsibilities with broader IT roles. Just six per cent of organisations have specialised teams for functions like threat hunting and security operations.
- These lean teams are also facing mounting pressure from the surge in threats. The top challenges reported include overwhelming threat volume (54 per cent), difficulty in retaining skilled cybersecurity talent (52 per cent), and tool complexity (44 per cent), leading to burnout and fragmentation within cyber teams.
Investment is rising, but still lagging behind risk
- Despite increased awareness, cybersecurity investment remains disproportionately low. On average, just 15 per cent of IT budgets are allocated to cybersecurity, representing just over 1.4 per cent of total revenue, a small fraction given the scale and severity of threats.
- Budgets are ticking up, with nearly 80 per cent of organisations in Australia reporting an increase. However, most of these increases remain under 10 per cent, suggesting that investment is still cautious.
- Organisations are increasingly shifting from infrastructure-heavy spending to more strategic investments. The top five priorities include identity security, network security, secure access service edge (SASE)/zero trust, cyber resilience, and cloud-native application protection, indicating a shift toward access-centric, risk-based security planning.
- However, critical areas such as operational technology/Internet of Things security; development, security, and operations; and security training continue to receive limited funding, indicating a persistent lag in addressing operational and human-layer vulnerabilities.
Platform-driven resilience amid rising complexity
- Convergence between security and networking is now mainstream, with over 90 per cent of respondents in Australia either already converging or actively evaluating options. This move reflects the urgency to simplify architectures, integrate defences, and streamline operations.
- Almost three-quarters (74 per cent) of organisations are already on a consolidation journey, yet challenges remain. Despite this progress, nearly half of all respondents still cite tool management as a major challenge, indicating that the problem is no longer the number of tools but the fragmentation and lack of integration across them.
- Vendor consolidation is increasingly viewed as a strategic lever to reduce costs and to improve detection speed, issue resolution, and visibility. The top benefits organisations seek from consolidation include faster support (59 per cent), cost savings (53 per cent), better integration (53 per cent), and improved security posture (51 per cent).
Supporting quotes:
“The findings of this survey point to a growing need for AI-accelerated defence strategies across Asia Pacific, Japan, and China (APJC). Organisations are facing a surge in stealthy, complex threats—from misconfigurations and insider activity to AI-enabled attacks—that bypass traditional detection methods. A shift toward integrated, risk-centric cybersecurity models is critical to staying ahead. In this new threat landscape, reactive security is no longer enough; predictive, intelligence-driven operations must become the norm.”
Simon Piff, research vice president, IDC Asia-Pacific
“Organisations must approach security defence as a dynamic and continuously evolving ecosystem. This requires more than simply adopting the latest technologies. Lasting resilience comes from effectively embedding and optimising security solutions in alignment with people and processes. Fortinet is focused on helping companies shift from piecemeal defences to AI-powered security systems that are built for scale and sophistication. As the market shifts from infrastructure-centric models to more strategic priorities such as access, identity, and fortification, Fortinet is assisting customers to position cybersecurity as a long-term business enabler rather than just a protective measure. Through its platform approach, Fortinet provides the scale, intelligence, and simplicity organisations need to stay ahead of evolving threats.”
Glenn Maiden, director of threat intelligence, FortiGuard Labs, Australia and New Zealand, Fortinet
About the survey
IDC surveyed 550 IT and security leaders across 11 Asia-Pacific markets, including Australia (70 respondents), New Zealand (30 respondents), and 50 respondents each from India, Indonesia, Malaysia, Singapore, South Korea, Thailand, the Philippines, Vietnam, and Hong Kong between February and April 2025. Respondents represented organisations with over 250 employees and were directly involved in cybersecurity decision-making. The findings are published in the IDC Info Snapshot, sponsored by Fortinet, State of Cybersecurity in Asia-Pacific: From Constant Risk to Platform-Driven Resilience, May 2025, IDC Doc #AP249601X.
About Fortinet
Fortinet is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere our customers need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet’s solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. Collaboration with esteemed organisations from both the public and private sectors, including Computer Emergency Response Teams (“CERTS”), government entities, and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber resilience globally. FortiGuard Labs, Fortinet’s elite threat intelligence and research organisation, develops and utilises leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.