Human error and compromised credentials comprised 67 per cent of data breaches reported under the Notifiable Data Breaches Scheme last quarter.
Information and Privacy Commissioner, Angelene Falk, said there is growing evidence that organisations must improve data security.
“The fact that there is a human factor involved in so many cases demonstrates the need for staff training to increase awareness of cyber risks and to take the necessary precautions,” she said.
Organisations made a total of 245 notifications to the Office of the Australian Information Commissioner between April 1 and June 30 of this year.
John Donovan from Sophos said the figures show a need for multi-faceted approaches to data safety.
“This indicates Australian organisations aren’t investing in cyber security from both a technology and employee education perspective,” he said.
“By investing in these areas, organisations will be able to better block attacks and have a workforce that is attuned to cybersecurity issues.”
Cyber incident breakdown. Source: OAIC
With financial gain the main motivator for malicious actors, it is no surprise that financial institutions are among the highest reporters of data breaches.
The health sector reported the most breaches (47) – more than half of which were the result of human error.
In 90 per cent of all cases, personal contact information was disclosed.
Financial details were gained in 42 per cent of incidents.
And although ransomware can cost IT managers their jobs, only five of these incidents were reported to the OAIC in the past three months.
Source of data breaches – top five sectors. Source: OAIC
Over the last year, the number of reported breaches has varied little, with each quarter ranging from 215 to 262 incidents.
Despite a lack of apparent cyber improvement from organisations during this time, Commissioner Falk said the scheme was helping create transparency and awareness around privacy in Australia.
“The reporting regime has been well accepted and the onus is now on organisations to further commit to best practice in combatting data breaches and improving response strategies,” she said.
“Effecting change in practices to prevent breaches is vital to the goal of protecting the community.
“Putting data breaches in the spotlight has heightened awareness of the privacy rights of consumers, who in turn are demanding greater security from the organisations with which they share information.”
Terry Burgess from SailPoint said stagnant figures prove there is still a need for organisations to improve their cyber maturity.
“The unfortunate reality is that many businesses continue to take a laissez-faire approach to cybersecurity, which is reflected in these reports,” he said.
“Business leaders need to put more effort into improving their security posture, which involves treating cyber threats the same way they treat overall enterprise risk.
“Only then will organisations reduce the likelihood of becoming a statistic in next quarter’s report.”