Human error remains a key cause of notifiable data breaches, according
to the latest quarterly report from the Office of the Australian Information
Commissioner (OAIC).
While malicious or criminal attacks are still the largest source of notifiable
data breaches (NDBs), accounting for 57%, human error is second, with cyber
incidents exploiting human vulnerabilities, for example by encouraging people to
click on phishing emails or disclose passwords.
Gerry Power, Head of Sales at Emergence, said: “The continued propensity for
human error to cause NDBs is a disturbing insight because it shows businesses
are not educating staff enough on how to identify phishing emails or handle
personal information appropriately.”
Human error accounted for 37% of data breaches in the latest report. Emailing
personal information to the wrong recipients was the most common human error
data breach (12%). Second highest was failing to use the BCC function when
sending group emails, which affected an average of 494 people per breach.
Gerry said the healthcare industry continued to be the worst-performing sector,
recording 18% of data breaches, with human error responsible for more than
half of those. “That gives an insight into why some cyber insurers will not write
the healthcare industry for data breaches,” he said.
The finance sector was the second-worst performing industry for the second
consecutive quarter, with 14% of breaches.
The legal, accounting and management services sector was a close third. Gerry
said Emergence’s claims data backed that up. “The accounting profession is a
honeypot of data for cyber criminals,” he said.
The NDB scheme was introduced on 22 February 2018 and, since then, OAIC has had
550 notifications, including 245 in the July-September quarter. That compares
to only 114 notifications in the 12 months before the scheme’s launch.
As knowledge of the NDB scheme increases in the business community, the number
of known data breaches will continue to rise.
Education is the key to reducing the human error element of NDBs.
Emergence conducts in-house education sessions, online seminars, and a social
media program to educate brokers and their clients about the need for diligence
and risk management to avoid data breaches and cyber attacks.
The increasing rate of notifications highlights the need for cyber insurance.
Emergence’s cyber policy gives insureds 24/7 access to an Australian-based
incident response team of experts who understand the importance of immediately
mitigating potential threats to insureds’ businesses.
Emergence’s policy includes cover for reporting data breaches to OAIC,
regulatory investigations, and costs of communicating data breaches to affected
individuals.
“A cyber policy is part of every successful business’s risk management
framework. Cyber insurance is not the first line of defence; it is designed to
protect a business when its IT security, policies, and procedures fail to stop
an attack,” Gerry said.
Organisations can reduce the potential for NDBs through risk management
practices such as:
• Employee training, including strong password protection
strategies and raising awareness about the importance of protecting personal
information
• Restricting administration privileges
• Conducting daily backups
• Continuously patching operating systems and software
• Implementing multi-factor authentication.
Emergence is a pioneer of cyber cover in Australia and provides protection for
SMEs through to ASX-listed entities.