"The sheer complexity and interconnectedness of different elements of our digital economy means we can expect rapid exponential growth in the number, speed, and severity of breaches - far beyond what any single organisation can tackle on its own."
The CSIRO report was released at a cyber security conference yesterday, joined by another disturbing analysis of an online survey of identity theft in Australia by the Australian Institute of Criminology.
This showed that more than 20 per cent of respondents had reported misuse of personal information - some up to 20 times - most of it stolen through computer hacking, or from online banking and shopping, email, or ATM and eftpos transactions.
Most involved stolen credit and debit card data, names or bank account information, and was used mainly to steal money from bank accounts, to fraudulently apply for loans or credit, or to buy goods.
This led to some victims being refused credit or being wrongly accused of crimes.
The CSIRO report said cyber-criminals could use "Heartbleed-like vulnerabilities" to defraud the healthcare system of up to A$16 billion ($17 billion) by 2023, disable energy grids at critical times - such as during heatwaves - and hack into government databases to leak or sell confidential data.
This could include anything from individuals' tax file numbers and patient records to sensitive national security and defence information.
Heartbleed exploits a crucial internet security flaw, enabling attackers to gain access to encrypted passwords, credit card details, and other data on websites including Facebook, Gmail, Instagram, and Pinterest.
"The more we rely on digital services for our basic needs like healthcare and energy, the more drastic the consequences of any breach may be," Deverell said.
Already, cybercrime costs Australia up to A$2 billion a year, with more than five million victims annually. Australian computers were hit by about 17.6 million malware infections in 2008.
The CSIRO used three scenarios to illustrate the growing threat.
In the first, a disgruntled employee attacks an unprotected part of the highly-automated electricity grid to shut down the system during a heatwave, causing power failures across the nation, losses running into the billions, and several suspected deaths.
In another, criminals hack into digital health services to steal billions of dollars in fraudulent claims and even breaking into sensitive patient records to demand "ransoms" of millions of dollars from hospitals.
In the third scenario, when "hacktivists" - hackers driven by ideology or political beliefs - break into classified government records, an unknown third party uses the same method to steal mountains of data on citizens.
Professor Jay Guo, research leader of the CSIRO's Smart, Secure Infrastructure division, said Australian organisations needed to overcome their fear of potential damage from disclosure of computer breaches and work together to devise counter-measures.
Criminal actions needed to be anticipated. "No system will ever be perfect, but we can prevent and minimise the impact of even extremely complex threats by approaching cyber security as a community."
Cyberspace invaders
• Growing dependence on an increasingly digital world is opening Australia to more serious cyber attacks.
• Key services such as electricity supplies and confidential bank, government and other business data - including personal banking, health and tax records - are likely targets.
• More than 20 per cent of Australians surveyed have lost personal financial and other data to hackers, online scammers and ATM fraudsters, later used to raid bank accounts or in other frauds.
• Cybercrime already costs Australia up to A$2 billion a year.
