The Office of the Australian Information Commissioner’s (OAIC) notifiable data breaches (NDB) scheme received 964 notifications from April 01, 2018 to March 31, 2019 – an astounding 712% increase on the previous voluntary scheme, highlighting cyber risk’s magnitude and the need for cyber insurance to protect a business in the event of a cyberattack.
OAIC’s first annual report showed that malicious or criminal attacks were the main sources of data breaches, with many of those incidents exploiting human vulnerabilities, such as clicking on attachments, fake emails, or inadvertently disclosing passwords, said Gerry Power, head of sales at Emergence Insurance.
OAIC also released its January to March quarterly report, which found phishing (sending emails or texts posing as a legitimate institution to lure people into providing information) and spear phishing (using social engineering to impersonate a trusted contact to obtain information) to be the most common and highly effective methods by which entities were compromised.
OAIC said phishing attack techniques continue to evolve, making phishing emails increasingly difficult to detect without “sustained, focused user education.”
In 28% of cases, the notifying entity was unaware of how credentials were obtained because it had detected no phishing-based compromises. Meanwhile, 35% of data breaches across all sectors involved human error, such as unintended information disclosures or losing data storage devices.
Commissioner Angelene Falk said OAIC, over the next year, would “take a proportionate, evidence based regulatory approach to the NDB scheme, including exercising enforcement powers, where necessary.”