At the close of each quarter, the Office of the Australian Information Commissioner (OAIC) publishes a report detailing data breach statistics gathered under the mandatory Notifiable Data Breaches Scheme (NDBS). To recap, the scheme has applied since 22nd February 2018, and mandates that all Australian organisations regulated under the Privacy Act 1988 must report any data breach where private, personal information may have been compromised, or otherwise risk heavy fines. A side-effect of this scheme is that it allows the OAIC to publish reports and statistics of data breaches around Australia.
At the beginning of this month, the report for July-September 2018 was released, and showed that 245 data breaches had been reported by Australian organisations, on par with the previous three months. In a world where large data breaches that make the news are becoming a daily occurrence, this may seem like a win, but countless Australians are still having their private data leaked on a daily basis.
OAIC officials have spoken out, stating that there is a need for organisations to improve security training and processes. 20% of data breaches over the quarter occurred when personal information was sent to the wrong recipient by email, mail, fax or other means. 20% of the data breaches were also caused by phishing. This shows that there is a greater need for training to ensure that employees are not mishandling data, and that they are on the lookout for suspicious websites and emails.
One positive statistic in the report was that the largest breach impacted fewer people. In the previous quarter, the top breach leaked the records of between 1 million and 10 million people, whereas in the most recent report, the largest breach impacted only between 100,000 and 250,000 individuals. This finding might also show that larger organisations are investing in more data security measures, as the cost of a data breach has been increasing dramatically in the last few years.
Small to medium businesses are still at great risk, however, as this is where data breaches have been known to cause bankruptcy. No organisation is safe from malicious attackers, and smaller organisations likely have fewer, or less robust, security systems in place.
There has never been a time when security has been more important to an organisation. Agilient’s team of expert security consultants are available to help any organisation protect their assets from the biggest threats affecting Australian businesses today. If you’d like to learn more about how we can help your organisation create strong security policy and systems, contact us today.