Revealed – Cyber security incidents' impact on millions of Australians

Commissioner issues advice for organisations

Revealed – Cyber security incidents' impact on millions of Australians


By Roxanne Libatique

The Australian government's latest Notifiable Data Breaches report found that the total number of breaches in the second half of 2022 (H2 2022) rose by 26% from the same period in the previous year.

Moreover, 33 of the 40 breaches that affected more than 5,000 Australians resulted from cyber security incidents.

Australian Information Commissioner and Privacy Commissioner Angelene Falk said cyber security incidents can significantly impact individuals.

“We saw a significant increase in data breaches that impacted a larger number of Australians in the second half of 2022,” she said. “Cyber security incidents continue to have a significant impact on the community and were the cause of the majority of large-scale breaches.”

Calls on Australian organisations to remain alert to cyber risks

Commissioner Falk called on organisations across Australia to be alert to cyber risks as large-scale compromises of personal information may lead to further attacks.

“Organisations should take appropriate and proactive steps to protect against and respond to a range of cyber threats. This starts with collecting the minimum amount of personal information required and deleting it when it is no longer needed,” she said.

“As personal information becomes increasingly available to malicious actors through breaches, the likelihood of other attacks – such as targeted social engineering, impersonation fraud, and scams – can increase,” she added. “Organisations need to be on the front foot and have robust controls, such as fraud detection processes, in place to minimise the risk of further harm to individuals.”

Best practice regarding cyber risk response

The Office of the Australian Information Commissioner has expectations of best practice regarding data breach preparation and response to protect individuals from harm.

“In response to a breach, organisations need to provide information to individuals that is timely and accurate,” Falk said. “As well as setting out the kinds of information breached, the notification must include recommendations about clear steps people should take in response.”

Falk added that the Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022 has been helpful against cyber risks because of the following:

  • It provides the commissioner with new and greater powers to share information with other authorities about data breaches;
  • It provides the commissioner with a new power to obtain information and documents relevant to an actual or suspected eligible data breach;
  • It enables the commissioner to assess the ability of an entity to comply with the Notifiable Data Breaches scheme – including the extent to which the entity has processes and procedures in place to assess suspected eligible data breaches – and provide notice to the commissioner and individuals at risk from such breaches; and
  • It significantly increases penalties for major or repeated privacy breaches, including non-compliance with the Notifiable Data Breaches scheme.

“While we will continue to work with organisations to facilitate voluntary compliance, we will use these regulatory powers where required to ensure compliance with the Notifiable Data Breaches scheme,” Falk said.

Top cyber risk predictions for Australian businesses in 2023

With cyber incidents being the talk of the town in Australia, global broking giant Gallagher shared its 2023 cyber risk predictions in its recent webinar.

The latest Gallagher Cyber Insight Series Webinar's predictions for Australian businesses in 2023 are the following:

  • Decade prediction – discovering data breaches will not beat hackers' stealth;
  • Hackers will increasingly use artificial intelligence (AI);
  • Weaponised likenesses will make scams more convincing;
  • The metaverse will be hackers' “new playground”;
  • War on two battlefronts – the ground and cyberspace; and
  • Intergalactic attacks – cyberattacks from space.

Gallagher said: “In the event of a cyberattack, a robust cyber insurance policy provides access to experts not only in negotiation but also forensic investigation, remediation measures, as well as cover for the legal and reputational costs involved.”

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!