After more than two years, the Australian Government is back in the top five sectors with the most data breaches reported to the Office of the Australian Information Commissioner (OAIC). It is also the only one of the five sectors where human error is the biggest cause of data breaches.
The Notifiable Data Breach Report is published twice a year and covers notifications received under the NDB scheme over a six-month period. The report published today covers data breaches notified between July 1 and December 31, 2023. The OAIC received a total of 483 notifications during the period, with the top five reporting sectors being health service providers, financial services, insurance, retail and the Australian Government.
Breakdown of data breaches reported by the Australian government
Government agencies reported 38 data breaches in the second half of 2023, representing only 8% of all notifications received by OAIC. Of these, 26 were due to human error and 13 were due to personal information being sent to the wrong person. Eleven cases were due to unauthorized disclosure of personal information. Two cases involved the loss of documents or data storage devices.
“Breaches due to human error typically occur due to failures in processes and procedures,” the report states. “Companies must expect human error to occur and design systems and processes that minimize risk.” The OAIC also says this risk can be reduced by educating staff on handling information securely.
The government also fell short on one of the rules under the NDB regime, which requires notification to the OAIC and affected individuals within 30 days of becoming aware of a breach. The Australian Government accounted for the largest proportion (55%) of notifications made to the OAIC more than 30 days after becoming aware of the incident. It also had the highest percentage of notifications (50%) in which authorities identified the incident more than 30 days after it occurred.
“These statistics suggest that Australian government agencies need to check whether they have effective systems in place to detect, assess, respond and notify data breaches,” the report said.
Supply chain risk remains an issue
The report highlights the risks of outsourcing the handling of personal information to third parties. Australian Information Commissioner Angelene Falk said that a number of breaches involving multiple parties had been notified, and that most were caused by a breach at a cloud or software provider. “Organizations need to proactively address privacy risks in their contracts with third-party service providers,” Falk said in her statement.
Of the 483 notifications over the six-month period, malicious or criminal attacks remained the leading cause of data breaches, accounting for 322 notifications, of which 211 were cyber security incidents.
The healthcare and financial sectors remain the top contributors of data breaches, with 104 and 49 breaches, respectively, followed by insurance with 45 and retail with 39.