ASX 200 Cybersecurity Scores Improve, But 10% Already Infected by Dark Web Threats
Event summary
- UpGuard's 2025 ASX 200 Cybersecurity Report shows average score of 728.5 (B rating), up 1.58% from 2024.
- 10% of ASX 200 companies have active, verified infostealer infections, with 71% concentrated in largest firms.
- Security improvements often triggered by major incidents like CrowdStrike outage but subside within months.
- Encryption remains the weakest link in cybersecurity posture for the second year.
- Information Technology and Utilities sectors lead in security posture, while Materials sector lags.
The big picture
UpGuard's report highlights a reactive approach to cybersecurity among ASX 200 companies, driven by periodic incidents rather than proactive strategies. The findings underscore the need for continuous monitoring and comprehensive risk management in an era of sophisticated identity threats and stringent regulatory requirements. The concentration of infostealer infections in larger organizations and the weak encryption standards across the board point to systemic vulnerabilities that could have cascading effects on the broader market.
What we're watching
- Identity Threats
- How the rise of sophisticated identity threats like infostealers will impact ASX 200 companies' security strategies.
- Regulatory Compliance
- Whether ASX 200 organizations can sustain continuous cyber risk posture management under Australia's Cyber Security Act 2024.
- Supply Chain Risk
- The pace at which ASX 200 companies transition to real-time vendor risk monitoring to mitigate cascade effects.
Related topics