Aon’s 2025 Cyber Risk Report: AI-Driven Cyberattacks, Supply Chain Vulnerabilities Escalate Risk Landscape in Australia
Facing the New Frontier of Cyber Risk Marked by AI-Driven Threats
Aon plc, a leading global professional services firm, has released the Australia-specific findings from its 2025 Cyber Risk Report. The report highlights the growing impact of Artificial Intelligence (AI)-enabled cyberattacks and the increasing exposure created by third-party technology supply chains.
The 2025 Cyber Risk Report reveals that Australian organisations are facing a new frontier of cyber risk, where traditional defences are being outpaced by the speed and sophistication of AI-driven threats.
“AI is no longer a future threat—it’s a present-day reality,” said Adam Peckman, Head of Risk Consulting and Cyber Solutions in APAC and Global Head of Cyber Risk consulting at Aon. “We’re seeing relatively unsophisticated actors now wielding tools that rival state-sponsored capabilities. The barrier to entry has dropped dramatically, and the velocity of attacks is only increasing.”
One of the most concerning developments is the emergence of AI-powered social engineering attacks. Last year saw an incident involving the theft of USD $25 million from a large UK engineering firm through a deepfake-enabled scam—an attack that has since been replicated onshore in Australia at smaller financial scale. These incidents underscore the growing accessibility and replicability of such tactics.
2025 Cyber Risk Report Identifies Critical Vulnerability
In addition to AI threats, the report identifies technology supply chains as a critical vulnerability. A number of high-profile Australian breaches have stemmed from third-party compromises, where attackers exploit weaker security standards in vendors with privileged access to client systems.
“Organisations must start treating their vendors as part of their own attack surface,” added Joerg Schmitz, Cyber Risk Quantification and Analytics Leader for APAC at Aon. “The most lucrative attacks are those that can be scaled across multiple targets through a single compromised supplier. This is a wake-up call for Australian businesses to reassess how they manage third-party risk.”
Despite continued investment in cybersecurity, the 2025 Cyber Risk Report warns that core controls are being circumvented or rendered obsolete by evolving tactics. The use of AI to optimise every stage of the attack chain—from reconnaissance to execution—demands a fundamental rethink of defensive strategies.
Aon’s 2025 Cyber Risk Report draws on CyQu data from over 3,000 clients globally and analyses more than 1,400 cyber events to identify emerging trends. The platform enables organisations to benchmark their cyber maturity, align insurance and security strategies, and make more informed, data-driven decisions.
Aon’s 2025 Cyber Risk Report can be found here.
