Australia sees surge in data breaches, highest in over three years

Australia sees surge in data breaches, highest in over three years

Australia sees surge in data breaches, highest in over three years | Insurance Business Australia

Cyber

Australia sees surge in data breaches, highest in over three years

Report reveals most targeted sectors

Cyber

By
Roxanne Libatique

Australia has recorded its highest number of data breaches in over three years, according to the latest Notifiable Data Breaches report from the Office of the Australian Information Commissioner (OAIC).

Data breaches in Australia

Between January and June 2024, 527 data breaches were reported to the OAIC. This is a 9% rise from the previous six months, making it the largest figure since the latter half of 2020.

“Almost every day, my office is notified of data breaches where Australians are at likely risk of serious harm. This harm can range from an increase in scams and the risk of identity theft to emotional distress and even physical harm,” she said.

As in previous reports, malicious and criminal attacks were the primary cause of breaches, accounting for 67% of incidents, with 57% of those related to cyberattacks.

Health and government sectors led in the number of notifications, representing 19% and 12%, respectively.

OAIC expects higher level of accountability from organisations

Six years into the Notifiable Data Breaches scheme, the OAIC expects a higher level of accountability from businesses and government entities in securing personal information.

“The Notifiable Data Breaches scheme is now mature, and we are moving into a new era in which our expectations of entities are higher,” Kind said, adding that the OAIC’s enforcement actions make clear that organisations must treat personal data security as a priority.

See also  Reinsurance costs & capacity fuel negative 2023 outlook for P&C insurers: Moody’s

The OAIC indicated that while it will continue to take a measured approach to enforcement, it will also provide guidance to help organisations understand their obligations under the scheme.

Privacy and Other Legislation Amendment Bill 2024

The release of the report comes as the Australian government pushes forward with the Privacy and Other Legislation Amendment Bill 2024, which seeks to enhance the OAIC’s enforcement powers.

If passed, the bill would introduce stiffer penalties for non-compliance and clarify security obligations under Australian Privacy Principle 11. Organisations would be required to implement more robust security measures, including data encryption and staff training, to mitigate risks.

The OAIC has endorsed these reforms but also called for further action in line with the government’s Privacy Act Review to bolster the Notifiable Data Breaches scheme and improve protections across the economy.

Increase in cyberattacks across Australia

The OAIC’s report mirrors a broader rise in cyberattacks across the country.

Regional cybersecurity trends

The rise in breaches reflects broader cybersecurity challenges faced across the Asia-Pacific region.

While 85% of cybersecurity executives in the Asia Pacific rated their defences as strong, 46% of companies had faced customer concerns over potential cybersecurity failures.

To address these concerns, 84% of companies in the region reported increasing their cybersecurity budgets, a figure that exceeds the global average of 76%.

However, many organisations are still struggling to quantify the effectiveness of their security programs, with a focus on breach numbers rather than operational metrics like response times or threat detection capabilities.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!