Over the last five years, Australia has experienced a dramatic escalation in the number of data breaches, with the record figures suggesting it is high time for action and a solid response.
The upward trajectory, noted in recent findings, underscores the complexity of cyber threats and the weaknesses of public and private sector establishments.
In its latest report, the OAIC says there have now been 16,315 breaches in Australia, with 551 so far this year ahead of two months of data from Victoria, and more than half (54 per cent) of the total notifications received in the past year alone.
This is a marked 25% increase on the 893 notices we received in 2023, which indicates a worrying trend. From July to December 2024 alone, 595 breaches were recorded, underscoring the continued and escalating threat environment.
Incident Analysis Information shows that malicious or criminal attacks continue to be the leading source of notifications, with 69% of notifications in the last six months of 2024 attributed to this source. Of this funds transfer fraud category, 61% were cyber security incidents, including phishing, stolen credentials, and ransomware.
It is interesting to note that phishing and social engineering are often the starting point for these attacks, so both organizations and individuals must give them additional attention.
Health service providers and the Australian Government remain the most targeted sectors, representing 22% and 17% of total breaches in 2024, respectively. This underscores the urgent requirement for heightened security measures in these sectors, which process large volumes of sensitive personal data.
Although the private sector has made progress on the timely identification and notification of breaches, the public sector continues to fall behind in this respect.
The harm caused by such breaches is enormous, ranging from exposure of personal data to risk of monetary fraud, identity theft, and severe emotional distress to those impacted.
The average total cost of a data breach in Australia rose to a peak of AUD $4.26 million in 2024. This is an increase of 27% since 2020, highlighting the financial impact on businesses.
Experts say the trend is not going anywhere, which is why we need to be more proactive and flexible in our thinking. Enterprises are advised to enhance privacy and security controls, strengthen data protection practices, and detect breaches and notify victims quickly and effectively in order to minimize risk.
As Australia grapples with a more digital future, tackling these rising data breach numbers becomes all the more crucial to protect the privacy and security of individuals and to uphold confidence in its institutions.