What the ACSC Cyber Threat Report Means for OT Operators 

As industrial and critical-infrastructure operators accelerate their digital transformation journeys, the operational-technology (OT) environments that underpin our factories, utilities, mining sites and supply-chains are increasingly in the crosshairs of cyber threat actors.

The latest Australian Cyber Security Centre (ACSC) / Australian Signals Directorate (ASD) Annual Cyber Threat Report paints a sobering picture of evolving adversary capabilities and mounting risk.  For OT leaders, now is the time to interpret these trends with a specific lens—and act accordingly. 

1. Greater sophistication of state-sponsored and criminal actors

The 2023-24 ACSC report makes clear that Australia is facing “the most complex and challenging strategic environment since the Second World War”. Malign state actors and cybercriminal groups alike are refining their tradecraft, employing remote-access trojans, reconnaissance, supply-chain exploitation and ransomware, and pivoting from IT into OT and critical-infrastructure environments. The report notes that threats to “our networks, critical systems and infrastructure” are intensifying.

For OT operators, this means the assumption that “ancient OT systems are somehow off-limits” no longer holds. Legacy and bespoke control systems are now legitimate targets, particularly where they provide lateral pathways from IT. The operational disruption or physical-safety implications of such attacks make OT environments uniquely attractive to threat actors.

2. Critical infrastructure targeted and incident volumes rising

In FY 2023-24, the ACSC documented more than 36,700 calls to its hotline (a 12 % increase) and over 87,000 cybercrime reports (on average one every six minutes).  Importantly, about 11 per cent of the ~1,100 cyber-security incidents handled by ACSC directly involved assets classed as critical infrastructure.   

For OT operators, the implication is clear: the threat surface is no longer abstract—it is real, observable and growing. Control-system breach, OT ransomware, supply-chain compromise and degraded availability of service are no longer “what-if” scenarios but “when”. Organisations must treat their OT infrastructure as part of the national critical-infrastructure fabric and plan accordingly, not simply as internal housekeeping. 

3. Supply-chain and vulnerabilities: higher risk of OT compromise

Earlier ACSC reports highlighted that many compromises rely not on highly bespoke zero-day malware, but on unpatched or mis-configured systems, and exploitation via third-party service providers.  The 2023-24 edition emphasises this further by referencing visibility, network-connected systems and the need for stronger partnerships and reporting.   

For OT environments—where hardware may persist for decades, replacements are disruptive and patching windows are constrained—this is a critical vulnerability. The supply chain into OT (vendors, integrators, remote-service providers) now represents a direct avenue for threat actors. OT operators must prioritise inventory, segmentation, vendor-management and vulnerability-monitoring across systems that may not have been designed for current threat profiles. 

4. Ransomware and extortion increasingly affecting industrial firms

While the ACSC figures are often cast in broad economy-wide terms, previous editions noted that ransomware incidents rose markedly: in one year, the number of ransomware-related incidents the ACSC responded to increased by 75 % year-on-year.  Many of these attacks leveraged lateral movement from IT networks into operational systems. 

For OT leaders, the threat is no longer purely data-theft: the risk of production stoppage, equipment damage, safety breaches or regulatory shutdown is real. Resilience planning must assume ransomware actors multiply their leverage by bridging IT/OT domains. Ensuring OT visibility, immutable backups, segmentation, and incident-response readiness are now foundational. 

The Orro View

At Orro, we believe that OT cyber-resilience hinges on three interconnected pillars: visibility, segmentation and preparedness. Visibility means knowing every system on the operational network, understanding its communications, its identity and its risk-profile. Segmentation means designing OT zones so that a compromise in one cell does not enable lateral escape into critical control or safety systems. Preparedness means having tested incident-response playbooks that reflect OT realities—limited maintenance windows, safety-first procedures and coordinated recovery between IT, OT, service-vendors and management. 

The ACSC report reinforces that the future is adversarial, interconnected and relentless. For industrial operators, complacency is no longer an option. The asset-lifecycles are longer, the budget cycles slower and the risk climate tougher. Having walked these environments with major mining, energy, utilities and manufacturing clients, Orro’s experience shows that firms who embed OT-cyber as part of their wider risk-management and transformation roadmap are better placed to cope with today’s evolving threat landscape. 

Conclusion

The latest ACSC Cyber Threat Report delivers a clear warning: threats targeting operational systems and critical infrastructure are evolving, escalating and right at the door. Ignoring the OT dimension—or treating it as an afterthought—exposes organisations to undesired outcomes in safety, compliance and continuity.  

If you’re concerned about the resilience of your operational environments, Orro’s experts can help you assess where your organisation stands — and how to strengthen it.  


Sources: Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report 2023–24; Australian Government Department of Defence media release (2024). Additional context from Claroty and Fortinet partner materials. 
