Malicious or criminal attacks were the largest source of data breaches in the October-to-December 2018 quarter, the Office of the Australian Information Commissioner’s (OAIC) latest quarterly report has revealed.
There were 168 notifiable data breaches (NDBs) caused by malicious or criminal attacks and they accounted for 64% of the total of 262 breaches in the quarter.
Of the 168 breaches, 68% involved cyber incidents, such as phishing, malware or ransomware, brute-force attacks, and compromised or stolen credentials. Human error accounted for a third of all breaches.
Gerry Power, Head of Sales at Emergence Insurance, said many cyber incidents in the quarter exploited vulnerabilities involving human factors, such as clicking on attachments to phishing emails or inadvertently disclosing passwords.
Data breaches continue to increase, emphasising the vital need for employers to educate their employees.
Since the NDB scheme was introduced on 22 February 2018, there have been 812 notifications, which is a massive 612% increase on the 114 notifications in the year before the scheme’s launch.
Data breaches involving human error, resulting in the unintended release or publication of personal information, impacted the largest numbers of people, with an average of 17,746 affected individuals per breach.
The health sector experienced its worst-ever quarter, with its largest number of NDBs since the scheme began and a 20% increase on the prior quarter. Human error accounted for 54%, which was well above the industry average.
The finance sector also experienced its largest number of breaches since the scheme began. They were up 14% on the last quarter and 70% resulted from malicious or criminal attacks.
The latest report, the scheme’s fourth, showed the NDB scheme was having a material impact on data breach disclosures. The number of notifications continued to increase every quarter and the healthcare and finance sectors continued to be most impacted.
Gerry said: “People keep finding new ways to make mistakes, but there’s no doubt staff education can materially reduce the potential for data breaches.”
Emergence plays a role by conducting in-house education sessions, online seminars, and a social media program to educate brokers and their clients about the need for diligence and risk management to avoid data breaches and cyber attacks.
The high rate of notifications and the continual rise every quarter highlight the need for cyber insurance. Emergence’s cyber policy gives insureds 24/7 access to an Australian-based incident response team of experts who understand the importance of immediately mitigating potential threats to insureds’ businesses.
Emergence’s policy covers reporting data breaches to OAIC, any subsequent regulatory investigations, costs associated with communicating data breaches to affected individuals, and any fines imposed by the regulator.
A cyber policy is part of every successful business’s risk management framework. Cyber insurance is not the first line of defence; it is designed to protect a business when its IT security, policies and procedures fail to stop an attack.
Emergence is a pioneer of cyber cover in Australia and provides protection for SMEs through to ASX-listed entities.
Emergence has won the Insurance Business Cyber Product of the Year award in three of the last four years, including 2018.
You can obtain Emergence cyber quotations for clients by accessing the broker portal.
This blog is another cyber education initiative from Emergence.