
Australia Experiences Rise in Notifiable Data Breaches in 2024

Meta Llama

The Office of the Australian Information Commissioner’s latest Notifiable Data Breaches Report revealed a rapid rise nationwide in notifiable data breaches in the first six months of 2024. This represents a 9% increase when compared with the final six months of 2023 and the highest number of notifications since 2020.

The report showed that malicious or criminal attacks, both external and internal, were the source of 67% of all data breaches, followed by human error and system faults. The top five sectors suffering data breaches were health service providers, the Australian Government, finance, education, and retail.

Causes of Data Breaches

The most common causes of data breaches were cyber incidents, social engineering/impersonation, theft of paperwork or data storage, and rogue employee/insider threats. Human error still accounts for 30% of notifiable data breaches. The top categories of human error were personally identifiable information sent to the wrong email recipient, unauthorised disclosure of information, and failure to use the Bcc option when sending email.

Recommendations to Mitigate Cyber Threats

The OAIC recommended implementing multi-factor authentication as a first priority to stop cyber threats. Other recommendations include implementing layered security controls, enforcing levels of access to information based on roles and responsibilities, and leveraging security monitoring to detect, respond to, and report incidents or unusual activity.

The OAIC also pointed to frameworks such as Australia’s Essential Eight, the Australian Signals Directorate’s Information Security Manual, and the International Organisation for Standardisation’s ISO 27001 and ISO 27002 information security management standards as measures to guide improvement in practices.

The agency urged organisations to implement technical measures to reduce errors and emphasised that educating staff is essential to ensure they understand their privacy and security obligations.
