Cyber attack v scams: are we framing the threat the right way?

Written By Kylee Dennis

At the recent Women in Cyber Security Summitt the head of the Australian Signals Directorate Australian Cyber Security Centre, Stephanie Crowe, noted that Australia experiences a cyber-attack roughly every six minutes. It is a statistic that rightly draws attention to the risks facing national infrastructure, businesses and government systems.

But it also raises a question that deserves equal attention.

If cyber-attacks are occurring every six minutes, how often are scams occurring?

Based on national reporting data, scams are reported in Australia almost every minute. When we consider the large number of incidents that go unreported, the real figure is likely far higher.

Despite the scale of the harm, scams have historically been treated primarily as a consumer protection issue, although recent initiatives such as the National Anti-Scam Centre are beginning to shift this toward a more coordinated national response.

This shift is important because the impact of scams on Australians is enormous.

The Financial Impact

Australians reported more than two billion dollars lost to scams in a single year. These losses occur directly at the individual level. Retirement savings disappear. Life savings vanish. The emotional consequences can last for years.

In 2024 alone, Australians reported $2.3 billion lost to scams, making it one of the costliest forms of crime affecting individuals.

Cyber incidents also generate significant financial damage, but the costs are often measured differently. They include system recovery, operational downtime, data restoration and disruption to services.

Both crimes are serious. Both require national attention. But the way we frame them in public conversation and policy discussions can differ significantly.

The Language We Use

Cyber incidents are described using language that signals urgency and national importance.

Terms such as threat actors, incident response, intelligence sharing and national resilience are common in cyber security discussions.

Scams are described very differently.

The language often centres on awareness campaigns, fraud prevention and consumer education. Victims sometimes feel they are blamed for being deceived.

Yet the two crimes share many similarities.

Both rely on deception.
Both exploit digital systems.
Both are often operated by organised international networks.

One targets infrastructure.
The other targets human trust.

The Treatment of Victims

When an organisation experiences a cyber-attack, it is clearly recognised as a victim of crime. Government agencies investigate. Technical experts respond. The focus is on identifying and disrupting the attackers.

When an individual experiences a scam, the response can be very different. Many victims experience shame or embarrassment. Some hesitate to report what happened at all.

This difference has real consequences. Under reporting limits the intelligence available to investigators and allows criminal networks to continue operating with less disruption.

Intelligence Sharing

Cyber security operates within a mature intelligence sharing environment. Government, industry and international partners routinely exchange threat intelligence to identify emerging attack patterns.

Scam intelligence sharing has historically been more fragmented. Information may sit with banks, telecommunications providers, online platforms, regulators and law enforcement without a complete picture of the criminal ecosystem.

Australia has taken significant steps in recent years, particularly with the establishment of the National Anti-Scam Centre and stronger cross-industry collaboration. These initiatives represent important progress toward treating scams as a systemic digital crime problem rather than solely a consumer issue.

However the scale and sophistication of modern scam operations suggest that further coordination and data sharing across sectors will continue to be essential.

The Emerging Policy Question

Recent scam prevention reforms aim to strengthen obligations across sectors such as banking, telecommunications and digital platforms. These initiatives are designed to increase accountability and improve disruption of scam activity.

However some sectors where scams frequently originate, including certain online dating platforms, have not always been at the centre of these frameworks.

Given the significant role that digital platforms can play in facilitating connections between victims and offenders, this raises broader questions about how responsibility is distributed across the digital ecosystem.

A Different Way to Look at the Problem

There is an interesting parallel between hackers and scammers.

A hacker breaches a system once and causes widespread disruption.

A scammer breaches trust once and can take a person’s life savings.

Both acts rely on exploiting vulnerabilities. One vulnerability is technical. The other is human.

If we applied the same strategic thinking used in cyber security to scam prevention, we might start asking different questions.

What intelligence is being shared?
How quickly are emerging patterns identified?
How effectively are the criminal networks behind these operations disrupted?

A Broader Perspective

Cyber attacks and scams are not separate worlds. They exist within the same evolving digital crime environment.

Protecting infrastructure is essential.

Protecting people is equally essential.

Perhaps the real opportunity lies in bringing these conversations closer together. Because when a scam succeeds, it is not simply a case of someone being deceived. It represents a sophisticated criminal operation that has successfully penetrated human trust.

And that deserves the same level of attention, intelligence and national focus that we already apply to cyber threats.

Kylee Dennis
Next

From Detective to Defender: How Kylee Dennis Turned Pain Into Purpose