UpGuard’s ASX 200 Cybersecurity Report Reveals 10% of Companies Infected by Dark Web Infostealers
In a significant revelation, UpGuard’s latest ASX 200 Cybersecurity Report indicates that 10% of Australia’s largest publicly listed companies are grappling with active infections from infostealers, a type of malware that targets sensitive information. This alarming statistic underscores the ongoing vulnerabilities within the cybersecurity landscape, particularly as organizations navigate increasingly sophisticated threats.
Key Findings from the Report
The report, released on May 20, 2026, highlights several critical insights regarding the cybersecurity posture of the ASX 200 companies. The average security score for these organizations was 728.5 out of a possible 950, translating to a B rating. This score reflects a modest improvement of 1.58% from the previous year, primarily attributed to reactive security measures implemented following significant incidents.
Identity as the Primary Attack Vector
One of the most concerning findings is that one in ten ASX 200 companies expressed high confidence that their credentials were circulating in infostealer logs. Notably, 71% of these infections were concentrated in the largest organizations, indicating that bigger firms may be more attractive targets for cybercriminals.
Supply Chain Risks
The report also highlights the cascading risks associated with supply chains. Many ASX 200 companies rely on a limited number of core Software as a Service (SaaS) platforms. This dependency creates a scenario where vulnerabilities in a single vendor can potentially compromise hundreds of companies, amplifying the risk across the sector.
Encryption Vulnerabilities
For the second consecutive year, encryption was identified as the weakest link in the cybersecurity framework of these organizations. The report emphasizes that inadequate encryption practices leave sensitive data exposed, significantly increasing the risk of data breaches.
Sector Performance Disparities
The report further categorizes the performance of different sectors within the ASX 200. The Information Technology sector scored the highest, with an average of 776, followed closely by Utilities at 769. In contrast, the Materials sector lagged behind with a score of 673, indicating a need for enhanced security measures in that area.
Volatility in Security Posture
Another critical observation is the volatility of the attack surface. Nearly one-third of companies experienced a decline in their security posture compared to 2024. This fluctuation raises concerns about the effectiveness of current security strategies and the need for continuous monitoring.
Implications for Cybersecurity Strategy
Greg Pollock, Director of Research and Insights at UpGuard, emphasized the necessity for organizations to adopt a proactive approach to cybersecurity. He stated that the rise of sophisticated identity threats, coupled with new mandates under Australia’s Cyber Security Act 2024, indicates that periodic security checks are insufficient.
Pollock advocates for a shift towards continuous, comprehensive cyber risk posture management, which encompasses a holistic view of an organization’s security landscape. He identified three critical factors for success: awareness of changes, timely remediation, and adherence to security fundamentals.
Recommendations for Improvement
To enhance their cybersecurity posture, the report suggests several actionable recommendations for ASX 200 companies:
-
Implement Continuous External Scanning: Organizations should regularly assess their visibility on the public Internet to identify potential vulnerabilities.
-
Transition to Real-Time Vendor Risk Monitoring: Continuous monitoring of vendor risks can help mitigate cascading threats arising from third-party dependencies.
-
Deploy Dark Web Monitoring: Organizations are encouraged to invest in dedicated monitoring solutions to detect credential exposure and other threats lurking in the dark web.
Methodology
The findings in UpGuard’s report are based on a rigorous analysis conducted through its Cyber Risk Posture Management (CRPM) platform. This platform employs a proprietary scoring algorithm that evaluates external cybersecurity posture on a scale of 0 to 950, with deductions applied for identified risks and vulnerabilities.
For those interested in a deeper dive into the report, it is available for download here.
Upcoming Events
To further discuss industry insights and the future of cyber risk, UpGuard is hosting its quarterly APAC Summit on May 21 at 1:00 PM AEST. Registration for this online event can be completed here.
About UpGuard
Founded in 2012, UpGuard is a leader in cybersecurity and risk management. The company’s AI-powered platform for Cyber Risk Posture Management (CRPM) provides organizations with a centralized view of cyber risk across their vendors, attack surfaces, and workforce. Headquartered in Hobart, Tasmania, with a US office in Mountain View, California, UpGuard is committed to helping security teams manage cyber risk effectively.
For more information, visit www.upguard.com.
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
