If the skull and crossbones wasn’t already threatening enough, the accompanying message made the situation clear.

“If you see this text, then your files are no longer accessible, because they have been encrypted” was the text that greeted workers when they switched on their computers at Cadbury’s factory in Hobart. “Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”

The Petya ransomware attack, in June 2017, halted chocolate bar production in Hobart and ultimately cost Cadbury’s parent company, Mondelez International, an estimated $140 million in lost revenue. It was also among the first of what has become an avalanche of ransomware attacks to hit Australian businesses, which industry insiders say are chronically underprepared to deal with such incidents.

St Vincent’s Health and Court Services Victoria recently joined the fast-growing list of high-profile organisations scrambling to respond to debilitating cyber incidents, which have by now impacted almost every Australian.

The attacks are not an outlier but are instead a “new normal”, according to cyber professionals, who say a cultural shift is needed more than any new suite of technical defences. They say Australia was never a primary target for cybercriminals until recently, and they hope the recent spate of attacks will serve as a belated wake-up call after years of a lack of interest and underinvestment.

Jamieson O’Reilly is the founder of cybersecurity firm Dvuln, which Australian companies and government agencies pay to find IT vulnerabilities.

“Security in Australia is by and large still considered a grudge purchase,” O’Reilly says. “We need a cultural shift.”

Jamieson O’Reilly, the Founder and CEO of the cybersecurity firm DVULN.Credit: AFR

A 17-year-old can pay less than $100 to gain access to an infected computer belonging to an employee of a billion-dollar company, according to O’Reilly, and the balance of power now rests squarely with the hackers.