Data breach notification statistics ‘frightening’


The Office of the Australian Information Commissioner (OAIC) has released its first quarterly report into notifiable data breaches, which shows 63 reported breaches since the scheme began on 22 February 2018.

That means in only its first 38 days, the scheme is averaging more than two notifications every business day.

Gerry Power, National Head of Sales for cyber insurance specialist underwriting agency Emergence, said the statistics were “frightening”.

OAIC’s figures show health service providers made the most notifications, at 15; followed by legal, accounting and management services, 10; finance, including superannuation, eight; education, six; and charities, four.

“These figures are consistent with Emergence claims data that show the accounting industry is a major target for cyber theft,” Mr Power said.

Human error was responsible for 32 of the notifiable data breaches (NDBs) reported, malicious or criminal attacks for 28, and system errors for two.

Mr Power said the high rate of NDBs in only 38 days of the scheme’s operation highlighted the need for cyber insurance. Emergence’s cyber policy gives insureds 24/7 access to an incident response team of experts who understand the importance of immediately mitigating potential threats to insureds’ businesses.

“The Emergence solution also manages reporting data breaches to OAIC, any subsequent regulatory investigations, and costs associated with communicating data breaches to affected individuals,” Mr Power said.

“A cyber insurance policy is part of every successful business’s risk management framework. Cyber insurance is not the first line of defence; it is designed to protect a business when its IT security, policies and procedures fail to stop an attack.”

Emergence is a pioneer of cyber cover in Australia and provides protection for SMEs through to ASX-listed entities. It is a cyber specialist, focusing all its efforts on risk management and fine-tuning its policy to provide top-level protection.

Mr Power warned the NDB scheme meant companies could not keep silent on data breaches and hope for the best because notification to OAIC was now mandatory.