News

Data breaches on the rise, with human factor the main cause

Data breaches which are a result of human error continue to increase, according to the Office of the Australian Information Commissioner’s latest ‘Notifiable Data Breaches Report’.

The commissioner’s office received 539 data breach notifications from July to December 2020, an increase of five percent on the previous six months.

Angelene Falk, the Information Commissioner and Privacy Commissioner, said 38 percent of all data breaches notified during the period were attributed to mistakes by human beings.

Rise in human error breaches over past six months

“In the past six months we saw an increase in human error breaches, both in terms of the total number of notifications received – up 18 percent to 204 – and proportionally – up from 34 percent to 38 percent,” the commissioner stated.

“The human factor is also a dominant theme in many malicious or criminal attacks, which remain the leading source of breaches notified to my office.”

Falk said businesses, government departments and other organisations needed to reduce the risk of a data breach by addressing and limiting human error. For example, by prioritising the training of staff to implement more secure information-handling practices.”

Malicious criminal attack is still the main factor

Malicious or criminal attack accounted for 310 (58 percent of the total) notifications during the six-month period of the latest report, while system fault was responsible for 25 notifications (five percent).

Health service providers again notified the most data breaches (23 percent) of any industry sector, followed by finance, which notified 15 percent of all breaches. For the first time, the Australian Government entered the top five industry sectors by notifications, accounting for six percent of all breaches, with human error the leading cause.

“Ensuring the security of personal information is an area of regulatory focus for the commission, particularly in the health and finance industries, which have consistently been the top two sectors to report breaches,” Falk said.

Entities must have an effective response system

According to the commission, it is calling for entities to have effective systems in place for responding to data breaches, especially those that handle personal information.

“Critically, they need to provide individuals with clear and timely information about data breaches, including recommendations on steps they can take to protect themselves from harm. Any unnecessary delay in providing this information undermines the purpose of the Notifiable Data Breaches scheme,” Falk stated.

In mid-2020, Australia was the target of a major cyberattack. While the Federal Government did not blame a specific country, a Canberra-based policy think-tank and others said they believed China was behind the attacks.

Mike Simpson

Mike Simpson has been in the media industry for 25-plus years. He writes on finance, the economy, general business, marketing, travel, lifestyle and motoring.