Organisations Can Take Steps to Avoid Adding To This Statistic
According to Gemalto’s Customer Loyalty research conducted by Vanson Bourne, 66% of consumers say they would be unlikely to do business with an organization that experienced a breach where their financial and sensitive information was stolen! This is a very scary statistic and one that will most certainly keep every C-level executive awake at night.
Around the world, there’s been heightened awareness of privacy, where citizens expect organizations and businesses to protect their personal information. They also expect regulators to ensure this by implementing regulations to prevent, detect and remedy any data privacy violations. Australia is no different, which is why the Office of the Australian Information Commissioner (OAIC) implemented the Notifiable Data Breaches (NDB) scheme on 22nd February 2018.
Since then, in 7 months (at the end of September) there have been 550 data breaches declared; an average of 80 data breaches every month. According to the OAIC’s Quarterly NDB Statistics Report the number of data breaches have remained the same over the last two quarters – 242 (March-June) vs 245 (July-September).
Of the 245 declared data breaches in July-September,
• 57% were caused by malicious or criminal attacks and 37% attributed to human error
• Contact information (85%) made up most of the stolen/lost personal information declared followed by financial details (45%) and identity information (35%)
• The top five industries reporting data breaches were health service providers (18%), finance including superannuation (14%), legal, account & management services (14%), education (7%) and personal services (5%)
• Compromised credentials (81% of total) were the main result of malicious or criminal attacks via Phishing (50%), unknown methods (19%) and brute-force attacks (12%)
According to Australian Information Commissioner and Privacy Commissioner Angelene Falk, “Everyone who handles personal information in their work needs to understand how data breaches can occur so we can work together to prevent them. Organizations and agencies need the right cyber security in place, but they also need to make sure work policies and processes support staff to protect personal information every day.”
The steady number of data breaches declared in the last 2 quarters shows that this problem isn’t going away any time soon. The good news is that there are some things that organisations can do to prevent data breaches and comply with the NDB:
1. Identify a complete and accurate picture of where sensitive personal data resides
2. Minimise the number of locations housing sensitive data where possible
3. Protect data by leveraging encryption and encryption key management to establish data confidentiality and integrity
4. Control access to sensitive data eg use multi-factor authentication, policy controls to establish strong dynamic credentials
How prepared is your organization to comply with the NDB? Take this simple online assessment tool and find out.
For additional insight on NDB and how organizations can comply with it check out these resources.