On average, 2 Australian companies are being hit by data breach incidents every day, according to the first report produced under the newly enacted Notifiable Data Breach (NDB) Scheme.
Of those incidents, nearly half were the result of criminal attacks and the majority were directed at professional services companies in the health, finance and legal sectors.
The NDB report was published by the Office of the Australian Information Commissioner (OAIC), the government agency responsible for managing the new NDB regime.
(Above: in this graph from the OAIC’s report, we can see the large proportion of breaches caused by cybercrime. OAIC NDB Quarterly Statistics Report: January 2018 – March 2018.)
The OAIC report shows that there were 55 data breach incidents reported by Australian companies in March, including:
- 15 incidents in the health service industry sector;
- 10 breaches of legal, accounting and management service firms; and
- 8 incidents affecting businesses in the finance and superannuation industry.
Although the report does not give detailed information on the numbers of people affected, the three largest incidents cited compromised the personal details of more than 10,000 people, with the largest breaches estimated to have affected much greater numbers, up to 99,000 individuals.
(Above: graph showing numbers of people compromised by data breaches; OAIC NDB Quarterly Statistics Report.)
Personal information exposed in the reported data breach incidents included people’s names, email addresses, home addresses and phone numbers.
In 33% of cases, personal health records were compromised.
(Above: excerpt from the OAIC NDB Quarterly Statistics Report showing types of data compromised in reported data breaches.)
In a press statement, Acting Information Commissioner and Privacy Commissioner, Angelene Falk, said:
“The transparency provided by the NDB scheme reinforces Australian Government agencies’ and businesses’ accountability for personal information protection and encourages a higher standard of security.
“Over time, the quarterly reports of the eligible data breach notifications received by the OAIC will support improved understanding of the trends in eligible data breaches and promote a proactive approach to addressing security risks.
“This (report) highlights the importance of implementing robust privacy governance alongside a high standard of security. The risk of a data breach can be greatly reduced by implementing practices such as information security risk assessments, and training for any staff responsible for handling personal information.”
What is the NDB Scheme?
On Feb 22 this year, the Australian Government’s Notifiable Data Breach (NDB) Scheme came into effect.
Under the NDB Scheme, companies that handle people’s personal data, such as bank account information, credit card details and medical records, are obliged to report data breaches to the Office of the Australian Information Commissioner (OAIC). They must also directly inform people whose information is exposed so they have the best possible opportunity to protect themselves from adverse effects.
Basic NDB compliance can be summarised in 3 steps:
- Data audit
- Risk assessment
- Cybersecurity implementation
MailGuard: your security partner
As a leader in cybersecurity and data protection, MailGuard applauds the introduction of the NDB Scheme as a contribution to higher cybersecurity standards.