Powered by MOMENTUM MEDIA
HR Leader logo
Stay connected.   Subscribe  to our newsletter
Tech

Aussie businesses must do better on data, says OAIC

By David Hollingworth | |5 minute read
Aussie Businesses Must Do Better On Data Says Oaic

Australian companies and organisations must have “robust and proactive procedures” in place to handle data breaches and protect consumer information, warned the Office of the Australian Information Commissioner (OAIC).

The OAIC has released its latest Notifiable Data Breaches Report for the year to June 2023.

“As the guardians of Australians’ personal information, organisations must have the security measures required to minimise the risk of a data breach,” said Angelene Falk, Australian information and privacy commissioner.

Advertisement
Advertisement

“In the event of an incident such as a cyber attack, organisations must also be able to adequately assess whether a data breach has occurred, how it has occurred and what information has been affected.”

Overall, the first half of 2023 has seen a 16 per cent reduction in notifications of a breach, with 409 incidents reported compared to 486 in the previous period.

The number of people affected by breaches has also dropped in line with the reporting; while there were 42 breaches affecting more than 5,000 Australians in the second half of last year, there were only 23 reported in the first half of 2023. Of course, that same period also saw the first Australian breach affect more than 10 million people, so it’s very much swings and roundabouts on that matter.

Malicious attacks remain the leading cause of data breaches, with 70 per cent of reports relating to threat actor activity.

As for the time it takes organisations to make a report, 78 per cent of organisations take less than a month to notify the OAIC. Breaches relating to human error are often the fastest to be reported, while those that occur as a result of a system fault are the slowest. In fact, 14 per cent of organisations took more than a year to report such incidents.

Ransomware attacks remain the most prevalent, making up 31 per cent of the total, followed by compromised credentials at 29 per cent. Phishing takes the third spot at 33 per cent.

The healthcare sector is responsible for 15 per cent of all incident reports, followed by finance at 13 per cent and recruitment agencies at 8 per cent. Recruitment agencies are also the fastest to report any breaches, with the finance sector the slowest.

“Prompt notification ensures individuals are informed and can take further steps to protect themselves, such as being more alert to scams,” commissioner Falk said.

“The longer organisations delay notification, the more the chance of harm increases.”