Awareness around cyber security may be growing but there is still significant room for improvement after a new report revealed human error remains a key cause of data breaches.
According to the most recent quarterly report from the Office of the Australian Information Commissioner (OAIC), human error was among the largest sources of notifiable data breaches – second only to malicious or criminal attacks.
“The continued propensity for human error to cause NDBs is a disturbing insight because it shows businesses are not educating staff enough on how to identify phishing emails or handle personal information appropriately,” said Gerry Power, head of sales at specialist cyber underwriting agency, Emergence Insurance.
The report shows that, while malicious and criminal attacks accounted for a huge 57% of data breaches, human error was responsible for a further 37%.
Of the data breaches caused by human error, emailing personal information to the wrong recipients was the most common breach, representing 12% of the total.
Second highest was failing to use the BCC function when sending group emails, which impacted an average of 494 people per breach.
The healthcare industry continued to be the worst-performing sector, recording 18% of data breaches – human error was responsible for more than half of those.
“That gives an insight into why some cyber insurers will not write the healthcare industry for data breaches,” he said.
The finance sector came in second, with 14% of breaches, followed by the legal, accounting and management services sector.