Australia ‘soft target’ for cyber criminals after years of inaction, inquiry hears

International scammers see Australia as a “soft target” after the nation’s security agencies spent years failing to act on the threat of cybercrime, a parliamentary inquiry has heard.

IFW Global chief executive officer Ken Gamble said Australia’s approach to fighting cybercrime was “piecemeal” and had failed to keep pace as the number of scams exploded and international crime syndicates robbed billions from Australians.

The veteran investigator, who has busted fraud and criminal syndicates globally, said state and territory policing agencies and the corporate watchdog had spent years on a “merry-go-round of passing the buck”.

Mr Gamble told the joint committee on law enforcement, which is conducting an inquiry into cybercrime, that as a result Australia was facing an unprecedented number of scams.

“The passing of the buck has created this problem,” he said.

“This is why the syndicates are targeting Australia so heavily, it’s why we are one of the most highly targeted countries in the world.”

Mr Gamble said international scamming syndicates saw Australia as a “soft target” because “no one had ever come after them”.

“They get a very good result here in Australia — they get the highest amount of money of all of the countries they target,” he said.

“They’re getting the most money from Australia because there’s a lack of awareness, there’s not really any heavy publicity campaigns to warn people about these types of crimes and there’s no response when people do get scammed and go and complain to law enforcement their case will never be investigated.”

As well, Mr Gamble said “jurisdictional turf battles” between commonwealth and state and territory agencies prevented the crucial sharing of information.

“Australia’s current approach to fighting cybercrime has failed to keep pace with the reality and scale of the threat that we face today,” he said.

“For over a decade as online scams targeting Australians has grown exponentially, our response has remained piecemeal, underfunded and uncoordinated between agencies.

“Jurisdictional turf battles let criminals slip through the cracks on a regular basis. As a result Australia has become a lucrative target for the world’s largest criminal organisations.”

More than two in three Australians have been the victim of a cybercrime, according to a 2023 report by the Australian Institute of Criminology.

And about $33 billion was reported lost to cybercrime in 2020 and 2021.

The Australian Federal Police said in a submission to the inquiry that law enforcement alone could not address the explosion in scams and a whole-of-government response was critical to addressing cybercrime in Australia.

“Australia is facing increasingly persistent and pervasive cybercrime threats targeting critical infrastructure, governments, industry and the community,” said the submission.

“This is evidenced by major cyber incidents against large corporations over the last year, which has resulted in the compromise of personally identifiable information (PII) belonging to over half of the Australian population.”

Recent large-scale data leaks in Australia have impacted large companies such as telco Optus and private health insurer Medibank.

The Australian Security Industry Association Limited is pushing for the cyber security sector to be more tightly regulated including the introduction of probity checks.

“The lack of probity checking for those working in cyber security roles creates vulnerabilities in Australia’s security arrangements,” said the submission.

“The recognition and regulation of a cyber security professional, within the existing regulated framework of private security licensing, would provide a cost-effective approach and support the identification of legitimate providers of cyber security services.”