The latest quarterly report released by the Office of the Australian Information Commissioner (OAIC) has revealed that cyber breaches have continued at pace.
The report found that the OAIC had been notified of 245 breaches from July to September 2018, a slight increase from the previous quarter. The statistics show that 57% of attacks over the quarter were caused by a malicious or criminal attack.
“This latest report highlights that cyber risk is here to stay,” Robyn Adcock, Cyber Technology Practice Leader at Gallagher, said. “For two consecutive quarters, the OAIC has seen record numbers of data breaches and businesses that ignore these warnings leave themselves open to attack.”
Human error based attacks also saw a slight uptick in the latest quarter. Thirty seven percent of attacks were down to a human mistake, highlighting the importance of regular and thorough staff training.
“To limit cyber risk, it takes more than online or computer-based solutions. Regular staff training is a really important way to make sure your business is protected as people are often the weakest link in the defence of a business.”
Robyn Adcock, Cyber Technology Practice Leader at Gallagher
A simple error, sending personal information to the wrong recipient, made up 20% of data breaches over the quarter, Australian Information Commissioner and Privacy Commissioner Angelene Falk said.
“Organisations and agencies need the right cyber security in place, but they also need to make sure work policies and processes support staff to protect personal information every day,” Falk said.
Staff training can also help spot suspicious emails that seek to dupe employees into clicking and exposing their business to cyber threats. Known as phishing, this attack method was responsible for 20% of attacks over the quarter and continues to have its presence felt.
“Phishing is a common attack method that we are seeing all too often,” Adcock said. “Again, staff training can help inform employees on what to look for and how to spot a suspect email.”
Mitigating against cyber attacks is the best method to avoid any potential damage to a business but cyber insurance can also help to pick up the pieces should something go wrong.
“It is no longer a matter of ‘if’ your business will come under cyber attack, it is a matter of when the attack will occur and how damaging it could be,” Adcock added.
“All businesses, no matter their size, industry or if they fall under Mandatory Breach Notification legislation should look to become more cyber aware, before it’s too late.”
Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient’s industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers’ control.
Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312