In its first quarterly report, the Office of the Australian Information Commissioner (OAIC) has revealed “frightening” statistics on notifiable data breaches (NDB), highlighting the need for cyber insurance.
OAIC said that in the first 38 days since the NDB scheme began on Feb. 22, there have been 63 reported breaches – that's an average of more than two notifications every business day.
Most notifications came from health service providers, at 15; followed by legal, accounting, and management services, 10; finance, eight; education, six; and charities, four, OAIC figures showed.
Of all NDBs reported, 32 were caused by human error, 28 were malicious or criminal attacks, and two were system errors.
Gerry Power, national head of sales for cyber insurance at specialist underwriting agency Emergence, said the statistics were “frightening”, and that the high rate of NDBs in the first 38 days of the scheme's operations stressed the need to take up cyber insurance.
“A cyber insurance policy is part of every successful business’s risk management framework,” Power said. “Cyber insurance is not the first line of defence; it is designed to protect a business when its IT security, policies, and procedures fail to stop an attack.”
Power also warned companies that the NDB scheme meant they could not keep silent on data breaches, as notification to OAIC was now mandatory.