

The Annual State of Cyber 2025
Backed by Triskele Labs’ reports, revealing the tactics, trends, and takeaways shaping the year ahead.
Behind the Breach: Triskele Labs’ 2025 DFIR Findings
Contrary to popular assumptions, most malicious activity did not originate from traditionally expected locations such as Russia, China, or parts of West Africa. Instead, Threat Actors frequently leveraged infrastructure based in more trusted regions to evade suspicion and avoid geo-blocking.
Ransomware and Business Email Compromise dominated, accounting for more than 75% of all cases. Ransomware activity doubled, yet only 4.8% of victims paid a ransom, reflecting improved resilience. 
BEC cases surged by 86%, driven by session token theft and persistence within Microsoft 365. DFIR investigations revealed recurring weaknesses in remote access controls, monitoring, and password management, particularly in healthcare and finance.

Misguided Advice and Missed Opportunities
Despite positive headlines suggesting progress, Australia’s cyber security landscape remains deeply divided. Larger organisations, equipped with resources and expertise, continue to strengthen their defences and influence government policy. 
Meanwhile, small- and medium-sized businesses struggle under the weight of compliance requirements and generic advice that fails to reflect operational realities. 
As “trickle down” security pressures mount, smaller firms are forced to chase certifications and frameworks without addressing fundamental risks, leaving them vulnerable to opportunistic threat actors. 
To close the gap, the focus must shift toward practical, accessible, and contextual cyber advice. 

A year of smarter detection, faster response and measurable improvement.
FY25 marked another year of growth and operational excellence for the Triskele Labs Security Operations Centre (SOC). As cyber threats continued to evolve in sophistication and scale, our focus remained on delivering rapid, intelligence-led detection and response across every client environment.
During the year, the SOC processed more than 260,000 alerts — a 40% increase on FY24 — driven by expanding client coverage across finance, health, education, construction and critical infrastructure. 
Despite this uplift, alert density per client remained stable, underscoring the efficiency of our tuning, correlation and automation initiatives. 

Exposed: What 500+ Pen Tests Reveal
Triskele Labs’ State of Cyber – Offensive Report 2025 reveals key shifts in the threat landscape following more than 500 penetration testing engagements conducted across critical sectors during FY2024. 
The Offensive Security team identified 3,887 vulnerabilities—averaging eight per engagement—while observing a significant decline in critical findings, indicating the value of ongoing testing and remediation programs. 
However, persistent weaknesses remain, with low-severity vulnerabilities rising and recurring flaws in broken object authorisation, authentication, and misconfiguration continuing to dominate results.

Hear directly from the Triskele Labs team behind the State of Cyber report


How not to get hacked?
- Based on real incidents
- Straightforward advice, non-technical language
- Applicable to finance, healthcare, legal & more

Benchmarking Microsoft 365 Security in Australian Organisations
The result — a clear, actionable snapshot of your organisation’s Microsoft 365 security posture, with practical recommendations to strengthen your defences and align with standards such as the ASD Essential Eight and CIS benchmarks.


We are the only cybersecurity experts you’ll ever need to talk to.
We consider every business we work with a partner – not just a customer. At Triskele Labs, we work with you to understand your risks, goals, challenges and culture to develop Cyber Security solutions tailored to your business. With us by your side, you can be confident that your data and systems are secure – and that you have a trusted, responsive and experienced partner to protect your business.