UpGuard’s ASX 200 Cybersecurity Report Reveals 10% of Major Companies Face Active Infostealer Infections
A recent report by UpGuard has unveiled that 10% of Australia’s largest publicly listed companies are currently dealing with active infections from infostealers, a form of malware designed to extract sensitive information. This statistic highlights significant vulnerabilities in the cybersecurity framework of these organizations, particularly as they confront increasingly sophisticated cyber threats.
Key Findings from the Report
Released on May 20, 2026, the UpGuard ASX 200 Cybersecurity Report provides critical insights into the cybersecurity posture of these companies. The average security score among the ASX 200 was recorded at 728.5 out of a possible 950, which equates to a B rating. This score represents a modest increase of 1.58% compared to the previous year, largely due to reactive security measures adopted following notable incidents.
Identity as the Primary Attack Vector
A particularly alarming finding indicates that one in ten ASX 200 companies is highly confident that their credentials are circulating in infostealer logs. Notably, 71% of these infections were found in the largest organizations, suggesting that bigger firms may be more appealing targets for cybercriminals.
Supply Chain Risks
The report also sheds light on the cascading risks associated with supply chains. Many ASX 200 companies depend on a limited number of core Software as a Service (SaaS) platforms. This reliance creates a scenario where vulnerabilities in a single vendor can jeopardize hundreds of companies, amplifying risk across the sector.
Encryption Vulnerabilities
For the second consecutive year, encryption has been identified as the weakest link in the cybersecurity frameworks of these organizations. The report emphasizes that inadequate encryption practices leave sensitive data vulnerable, significantly heightening the risk of data breaches.
Sector Performance Disparities
The report categorizes the performance of various sectors within the ASX 200. The Information Technology sector achieved the highest score, averaging 776, followed closely by Utilities at 769. In contrast, the Materials sector lagged with a score of 673, highlighting the need for improved security measures in that area.
Volatility in Security Posture
Another critical observation from the report is the volatility of the attack surface. Nearly one-third of companies reported a decline in their security posture compared to 2024. This fluctuation raises concerns about the effectiveness of existing security strategies and underscores the necessity for ongoing monitoring.
Implications for Cybersecurity Strategy
Greg Pollock, Director of Research and Insights at UpGuard, stressed the need for organizations to adopt a proactive approach to cybersecurity. He noted that the rise of sophisticated identity threats, combined with new mandates under Australia’s Cyber Security Act 2024, indicates that periodic security checks are no longer sufficient.
Pollock advocates for a shift toward continuous, comprehensive cyber risk posture management, which encompasses a holistic view of an organization’s security landscape. He identified three essential factors for success: awareness of changes, timely remediation, and adherence to security fundamentals.
Recommendations for Improvement
To bolster their cybersecurity posture, the report outlines several actionable recommendations for ASX 200 companies:
- Implement Continuous External Scanning: Organizations should regularly assess their visibility on the public Internet to identify potential vulnerabilities.
- Transition to Real-Time Vendor Risk Monitoring: Continuous monitoring of vendor risks can help mitigate cascading threats arising from third-party dependencies.
- Deploy Dark Web Monitoring: Organizations are encouraged to invest in dedicated monitoring solutions to detect credential exposure and other threats lurking in the dark web.
Methodology
The findings in UpGuard’s report are based on a thorough analysis conducted through its Cyber Risk Posture Management (CRPM) platform. This platform utilizes a proprietary scoring algorithm that evaluates external cybersecurity posture on a scale of 0 to 950, applying deductions for identified risks and vulnerabilities.
For those interested in a deeper dive into the report, it is available for download here.
Upcoming Events
To further discuss industry insights and the future of cyber risk, UpGuard is hosting its quarterly APAC Summit on May 21 at 1:00 PM AEST. Registration for this online event can be completed here.
About UpGuard
Founded in 2012, UpGuard is a leader in cybersecurity and risk management. The company’s AI-powered platform for Cyber Risk Posture Management (CRPM) provides organizations with a centralized view of cyber risk across their vendors, attack surfaces, and workforce. Headquartered in Hobart, Tasmania, with a US office in Mountain View, California, UpGuard is dedicated to helping security teams manage cyber risk effectively.
For more information, visit www.upguard.com.
Published on 2026-05-20 08:46:00 • By the Editorial Desk

