Cyber harassment, also known as online harassment, is a growing problem that affects people of all ages and backgrounds.
It refers to any unwanted or hostile behaviour directed at an individual through electronic means, such as social media, email, text message, or other online platforms.
This type of harassment can take many forms, including verbal and non-verbal abuse, stalking, and threats of violence.
It can also include the sharing of personal information or images without consent, known as doxxing, and online impersonation.
Cyber harassment can take place in any online setting, such as social media, online gaming, or dating sites.
The Scale of the Problem: What the Data Tells Us
Before exploring how to respond to cyber harassment, it is important to understand just how widespread the problem has become – particularly in Australia.
These figures paint a clear picture: cyber harassment is not a fringe problem or an issue confined to high-profile individuals.
It is a mainstream risk affecting ordinary Australians at work, at home, and online.
Critically, the Australian Institute of Criminology (AIC) notes that most cybercrime still goes unreported – meaning the real prevalence is likely to be significantly higher than survey data captures.
Common Forms of Cyber Harassment
Some common forms of cyber harassment include:
- Verbal abuse and bullying through social media, email, or text message
- Stalking through social media or email
- Threats of violence or harm
- Doxxing, or the sharing of personal information or images without consent
- Online impersonation, including the creation of fake accounts or profiles
- Harassment through online gaming or dating sites
- Harassment or threats through anonymous or encrypted apps
- Tech-based sexual harassment, including unsolicited sexual messages, images, or comments made through workplace platforms
Who Is Most at Risk?
While cyber harassment can affect anyone, the AIC’s research identifies specific groups that face disproportionate risk:
- Young people aged 18–34
- First Nations Australians
- LGBTQIA+ communities
- People with disabilities
- Small and medium business owners and operators
In workplace contexts, the eSafety Commissioner notes that online abuse can come from colleagues, managers, customers, clients, or suppliers – and may occur during work hours, outside of them, or while working remotely.
This is a critical point for employers: cyber harassment is not limited to what happens on company devices or during business hours.
If abusive behaviour is connected to someone’s job – even if it happens on a personal device or after-hours – it may still fall within the scope of your workplace health and safety (WHS) obligations.
Cyber Harassment in the Workplace: What Australian Employers Are Legally Required to Do
For Australian businesses, cyber harassment is not just an HR matter. It sits squarely within the framework of workplace health and safety law.
Your WHS Duty of Care Covers Online Abuse
Under Australian WHS laws, employers – referred to as Persons Conducting a Business or Undertaking (PCBUs) – are required to ensure the health and safety of workers so far as is reasonably practicable.
Importantly, “health” under the WHS Act is defined broadly to include psychological health.
Safe Work Australia has confirmed that online abuse is a psychosocial hazard.
This means employers must identify, assess, and control the risks of cyber harassment – not just physical risks in the physical workplace.
The Safe Work Australia Model Code of Practice: Managing Psychosocial Hazards at Work sets out a four-step risk management process that applies to online abuse, bullying, and technology-facilitated harassment.
The Positive Duty Under the Sex Discrimination Act
Since December 2022, a positive duty under the Sex Discrimination Act 1984 (Cth) requires all employers to proactively prevent sexual harassment – including online sexual harassment.
This is not a reactive obligation. Employers cannot wait for a complaint to be made.
The Australian Human Rights Commission has the power to enforce compliance with this positive duty. Organisations that fail to comply can face investigation and enforcement action.
Vicarious Liability: The Risk Employers Often Underestimate
Australian employers can be held vicariously liable for cyber harassment carried out by their employees, unless the employer can demonstrate they took all reasonable steps to prevent the conduct.
What does “reasonable steps” look like in practice?
Courts and regulators consistently look for documented evidence of clear policies that have been acknowledged by staff, training that is recorded and up to date, complaint processes that are functional and accessible, and timely responses when incidents are reported.
Good intentions are not a defence. Documented systems are.
State and Territory Variations
It is worth noting that psychosocial safety requirements have been adopted across most Australian states and territories, though with some variations.
Victoria, for example, introduced standalone psychosocial regulations under its OHS Act in 2025. NSW updated its WHS Regulations in 2025 to more explicitly require higher-order control measures – not just policy or training.
If your organisation operates across multiple jurisdictions, it is worth seeking guidance specific to each state or territory.
The general principle – that employers must proactively manage online abuse as a psychosocial risk – applies broadly across Australia.
The Impact of Cyber Harassment
Cyber harassment can have serious and long-lasting effects on its victims, including emotional distress, depression, and anxiety.
It can also lead to physical symptoms such as headaches and sleep disturbances. In extreme cases, it can lead to self-harm.
Cyber harassment can also make it difficult for the victim to use technology and social media, which can have significant impacts on social connections and job opportunities.
In workplace settings, the organisational impact of unmanaged cyber harassment extends well beyond the individual:
- Increased absenteeism and sick leave
- Lower productivity and staff morale
- Higher staff turnover
- Exposure to regulatory investigation or WorkCover claims
- Reputational damage if complaints become public
The AIC’s 2024 data found that approximately 29% of online abuse and harassment victims attempted to recover losses, but most were unsuccessful.
This underscores that the harm from cyber harassment is often difficult to reverse – making prevention the only reliable strategy.
What “Reasonable Steps” Looks Like in Practice
For HR managers and compliance leads, the question is not whether cyber harassment could happen in your organisation – it almost certainly can.
The question is whether you can demonstrate that you took reasonable steps to prevent and respond to it.
Practically, this means having in place:
1. A Clear, Documented Policy
Your workplace policy should explicitly cover online conduct – including what constitutes cyber harassment, the consequences of breaching the policy, and how to report an incident.
Policies need to be acknowledged by staff, not just distributed.
2. Training That Is Legally Grounded
Training on cyber harassment and online conduct should go beyond general awareness.
It needs to clearly link expected behaviours to legal obligations under Australian workplace law – and it needs to be delivered to all staff, not just managers.
Critically, training records must be maintained so you can demonstrate completion if a claim is made against your organisation.
3. A Functional Complaints Process
Staff need to know how to report cyber harassment, and they need confidence that reports will be taken seriously. A complaints process that exists only on paper provides no real protection.
4. Timely, Documented Responses
When an incident is reported, your response needs to be prompt and documented. Delayed responses – or responses that are not recorded – create significant legal exposure.
5. A Centralised System for Tracking All of the Above
One of the most common compliance gaps is that policies, training records, incident reports, and policy acknowledgements sit in separate places – making it impossible to demonstrate a coherent compliance position.
Bringing these into a single system significantly reduces risk.
Steps to Take to Stop Cyber Harassment
If you or someone in your organisation is experiencing cyber harassment, some immediate steps include:
- Block or unfriend the harasser on social media
- Use privacy settings to limit who can see your information and posts
- Report the harassment to the platform or service where it is taking place
- Save any harassing messages or posts as evidence
- Consider a restraining order if the harassment escalates or becomes threatening
- Reach out for support from friends, family, or a therapist
- Seek legal advice in cases involving libel, defamation, or violation of privacy
- If the incident occurs in a workplace context, report it to your manager or HR team and follow your organisation’s complaints process
If you are an employer responding to a report of cyber harassment, do not treat it as a personal matter between two employees.
Engage your complaints process, document your response, and consider whether immediate protective measures – such as changes to rostering or reporting lines – are needed while the matter is investigated.
Conclusion
Cyber harassment is a serious issue that affects people of all ages, backgrounds, and workplaces.
The data is unambiguous: nearly half of Australians experienced cybercrime in the past year, and online abuse and harassment was the most commonly reported category.
For individuals, the steps are clear: document incidents, report them, use platform tools to protect yourself, and seek support.
For Australian employers, the obligation goes further.
Under WHS law, online harassment is a psychosocial hazard that must be actively managed – with documented policies, legally grounded training, functional complaints processes, and evidence of action.
Vicarious liability means that inaction is not a neutral position.
The organisations that get this right are not necessarily the ones with the biggest compliance budgets.
They are the ones who treat cyber harassment as a legal and operational risk – and build the systems to manage it accordingly.
Working in GRC, compliance, or HR in Australia or New Zealand? Sentrient provides compliance training courses, policy management, and GRC tools designed for Australian workplace law.
Speak with our team to find out how we can help your organisation manage online abuse and psychosocial risk.
Frequently Asked Questions
1. Is cyber harassment illegal in Australia?
Yes. Depending on the conduct, cyber harassment may constitute a criminal offence under state or federal law, including provisions covering stalking, threatening communications, and image-based abuse. Employers also have legal obligations under WHS laws to manage online abuse as a psychosocial hazard.
2. What is the difference between cyberbullying and cyber harassment?
Cyberbullying typically refers to repeated abusive behaviour targeting individuals, often in peer or school contexts. Cyber harassment is a broader term covering unwanted or hostile online conduct directed at any individual, including in adult and workplace settings.
3. What are employers legally required to do about online harassment in Australian workplaces?
Under WHS laws, Australian employers must identify and manage online abuse as a psychosocial risk. The Sex Discrimination Act also places a positive duty on employers to proactively prevent sexual harassment, including online forms. Vicarious liability applies if reasonable preventive steps are not taken.
4. How common is cyber harassment in Australia?
According to the Australian Institute of Criminology’s 2024 report, 26.8% of Australians experienced online abuse or harassment in the prior 12 months, making it the most commonly reported form of cybercrime in Australia.
5. What evidence should I collect if I experience cyber harassment at work?
Document everything: save screenshots of messages, posts, or emails with timestamps; note dates, times, and the platforms used; record any witnesses; and report the conduct through your organisation’s formal complaints process. Evidence is critical if the matter escalates to a legal or regulatory process.
