Data breaches are increasingly common among Australian businesses. Robust security solutions are needed to protect data integrity, operational compliance, and business continuity now more than ever. Security breaches are recorded and analysed each year in an effort to identify current security gaps and prevent future incidents. The Office of the Australian Information Commissioner (OAIC) releases regular data of known incidents, with the most recent report listing notifications received under the Notifiable Data Breaches (NDB) scheme between 1 July and 31 December 2020.
The NDB scheme was established in 2018 to help improve security standards and promote stronger consumer protection. Under the scheme, the OAIC must be notified whenever an organisation or government agency is affected by a significant data breach that is likely to result in serious harm to the individual whose data is compromised. The report analysed incidents based on the frequency of breaches, the cause of the breaches, the industry sectors affected, the number of individuals affected, the type of information compromised, and the time taken to identify the breach among other factors.
Frequency of data breaches
During the six-month period, there were a total of 539 notifications, which was a 5% rise from the 512 notifications received in the previous reporting period between 1 January and 31 June 2020. There was a significant variation in notification numbers received over the six-month period, from a low of 62 in November to a high of more than 100 in July, August, and September. Overall, there were 1,051 notifications received under the scheme throughout 2020.
Causes of data breaches
In the report, the following three categories represented all security incidents, with figures rounded up or down:
- Malicious events or criminal attacks represented 310 incidents or 58% of all notifications, which was a slight 1% drop from the preceding period.
- Human error accounted for 204 incidents or 38% of security breaches, which was a significant 18% rise from the 173 notifications recorded over the previous period.
- System fault incidents accounted for just 5% of all notifications, which was the same number as the previous reporting period.
Industry sectors affected
Security incidents affected all Australian locations, industry sectors, and business sizes. There were a number of key trends identified, however, with some sectors facing more challenges than others. The unique environment of 2020 was partly to blame, as COVID-19 stretched healthcare and government resources to the limit.
According to the report, the Australian health sector recorded the most breaches at 23%; followed by the finance sector at 15%; education at 7%; legal, accounting & management services at 7%; and the Australian Government at 6%. While the health sector remained in the top position based on the previous report, the Australian Government entered the top five for the first time.
Additional statistics
Most security incidents affected a relatively small number of people, with 68% of all data breaches affecting 100 individuals or fewer. Breaches affecting 10 individuals or fewer comprised 47% of all notifications. The vast majority of compromised data related to personal contact information at 91% of all breaches. This included things like phone numbers, email addresses, and home addresses, which was distinguished from identity information such as driver’s licence and passport numbers. Other data was also compromised, including financial details at 40%, health information at 26%, and tax file numbers at 18%. Overall, 75% of security breaches were notified within 30 days of the incident taking place.
If you’ve faced any kind of data breach, it’s essential to identify the cause of the security incident and recover any losses to your business. For comprehensive data breach investigations, practical advice, and actionable recommendations, contact Intrix Cyber Security today for a confidential consultation.
