CyberCX Hack Report: Insights from a year of offensive security testing

CyberCX Hack Report reveals top cyber vulnerabilities and exploits


Melbourne, Australia – 8 April 2025


• Report compiles data from 2,500 CyberCX penetration tests and adversary simulations last year
• Three root causes were responsible for nine in ten findings
• Industries reliant on Operational Technology (OT) like healthcare and transport have higher rates of severe risk findings


CyberCX has released its Hack Report for 2025, revealing that Application and Development Security, Identity and Access Management, and Configuration and Patch Management were responsible for 90% of findings CyberCX’s offensive testers made last year.

With more than 150 penetration testers in Australia, New Zealand, the United Kingdom and United States, CyberCX’s Security Testing and Assurance (STA) practice is the largest private sector team of ethical hackers in the southern hemisphere and one of the largest in the world.

The report includes insights and trends from more than 2,500 engagements STA performed for 800 customers in 2024, yielding 26,000 individual findings – or roughly one finding every 20 minutes. Of these, 2,500 findings were classed as severe, meaning that had a criminal or threat actor found the vulnerability before CyberCX, the consequences to that organisation could have been devastating.

Key findings in the report include:

 

Liam O’Shannessy, Executive Director, Security Testing & Assurance (STA) – Research & Capability, said: “Our team of penetration testers, red teamers and security experts spend all hours of the day and night breaking into our customers’ networks, systems and environments – both physical and virtual – to find entry points that could be exploited by real attackers. Our objective is simple: we find these vulnerabilities before the bad guys do.

“The global threat landscape continues to evolve and cyber criminals and nation states are searching relentlessly for new vulnerabilities to exploit. Attackers and their techniques only get better – for defenders, this means that we need to focus our limited resources on activities that will address these real threats and get us ahead of the bad guys.

“By compiling the data and insights from more than 2,500 engagements we performed in 2024, our hope is that security professionals will be better informed about the state of vulnerabilities in our region and organisations will be better able to allocate their limited security resources.”

 

You can access the full report here: https://cybercx.com.au/resource/hack-report

ENDS

 


About CyberCX

CyberCX is the leading provider of end-to-end cyber security and cloud services. With a workforce of 1,400 cyber security professionals, CyberCX is a trusted partner to private and public sector organisations, helping customers confidently manage cyber risk, respond to incidents, and build resilience in an increasingly complex and challenging threat environment.

 


Contact

[email protected] 
