Insurance brokerage Gallagher has renewed calls for businesses to ensure they have cyber-risk management and cyber insurance in place to mitigate against increasing cyberattacks, following new statistics on notifiable breaches.
The Office of the Australian Information Commissioner (OAIC) has revealed that from April 01 to June 30, it logged 242 notifications under the Notifiable Data Breaches (NDB) scheme. It also recorded the biggest month-on-month surge in data breaches, with notifications rising from 55 in March 2018 to 90 in June.
Of the attacks registered by the OAIC over the quarter, 59% were criminal or malicious in nature, and 36% could have been due to human error – highlighting that more can be done to boost cyber security for businesses’ own protection.
“Cyber is no longer silent,” said Robyn Adcock, Gallagher’s client manager of professional and financial risks. “With GDPR [the European Union’s General Data Protection Regulation] and mandatory breach notifications now a reality, cyber breaches are part of the public sphere, which brings with it challenges for all businesses. From a compliance perspective, it is better to be safe than sorry. If you think you fall under the regulation, a framework you put in place will only benefit your business from a security and trust standpoint.”
The majority of the attacks were due to cyber incidents such as phishing, malware, and ransomware, with 97 reported in total. Theft of paperwork or data storage devices was the second-most common attack method with 31 breaches, followed by social engineering and insider threats, which tied as the third-most common attack method with seven breaches each.
Adcock said cyber insurance and adequate protection against cyberattacks are paramount.
“Conversations around cyber insurance have picked up markedly in the last 12 months following new legislation and a series of major global ransomware attacks in 2017,” Adcock said. “As legislation at home and abroad continues to develop, it is key that all businesses understand the cyber exposures they face and how best to mitigate against the threat of breaches that could be costly from both a financial and reputational perspective.”