Human error and social engineering scams were also rising in the Asia Pacific region, it found, although artificial intelligence software had yet to help criminals spread their reach.
Verizon Business issued the warnings in its annual Data Breach Investigations Report on Thursday, which analysed more than 22,000 security incidents and more than 12,000 data breaches around the world.
The findings come weeks after major Australian superannuation firms were targeted in an online attack that siphoned $750,000 from one fund, triggering an investigation by the National Cyber Security Co-ordinator.
The data breach report analysed online incidents from 139 countries in 2024 and found attacks involving ransomware spiked during the year, rising 37 per cent to make up 44 per cent of all data breaches.
The financially motivated attacks were more prevalent in Australia, the study found, with figures showing ransom demands were issued in 51 per cent of data breaches in the Asia Pacific region.
Small to medium-sized organisations were also the most commonly targeted with ransomware, while large organisations received half the rate of attacks.
Smaller companies were often more vulnerable and more likely to pay ransoms, Charles Sturt University AI and Cyber Futures Institute executive director Ganna Pogrebna said, simply because they were not prepared for them.
"When we have finance companies, for example, they're quite sophisticated in understanding ransomware and following guidelines, not paying ransoms and thinking about resilience," she said.
"You would be surprised how many companies have never thought about what they're going to do."
Despite the rise in attacks, the report found the median amount paid to ransomware groups fell from $US150,000 to $US115,000 in 2024, with almost two in three organisations choosing not to pay.
Other online threats identified in the analysis included breaches involving third parties and those involving human error, which played a role in 60 per cent of all data breaches.
AI technology did not take "over the threat landscape" as feared, the report noted, despite evidence it had been used to craft more convincing phishing emails.
The technology remained a threat in the hands of online criminals, Professor Pogrebna said, and advancements in its use should be monitored.
"The next thing to watch out for will be more sophisticated generative AI tools," she told AAP.
"AI in itself is not providing anything new but it allows cyber criminals to do things better and at scale."
The growing number of data breaches also warranted more attention from organisations, Verizon Business Asia Pacific regional vice-president Robert Le Busque said, and reassessment of their defences.
"This year's report reinforces the complexity and persistence of cyber threats facing organisations worldwide," he said.
The Australian Signals Directorate responded to more than 1100 cybersecurity incidents in 2024, according to its annual report, while calls to the Australian Cybersecurity Hotline rose by 12 per cent.
19°C