Brokers may need to reinforce their clients’ understanding of cyber risks, as a new report from the Office of the Australian Information Commissioner (OAIC) revealed that cyber breaches have continued at pace.
OAIC reported that it received 245 notifications of breaches from July to September 2018, a slight increase from the previous quarter, with 57% of the incidents caused by a malicious or criminal attack.
“This latest report highlights that cyber risk is here to stay,” said Robyn Adcock, cyber technology practice leader at Gallagher. “For two consecutive quarters, the OAIC has seen record numbers of data breaches, and businesses that ignore these warnings leave themselves open to attack.”
The report revealed a slight uptick in human-based attacks from the last quarter, with 37% of attacks due to a human mistake.
“To limit cyber risk, it takes more than online or computer-based solutions,” Adcock said. “Regular staff training is a really important way to make sure your business is protected, as people are often the weakest link in the defence of a business.”
Angelene Falk, Australian information commissioner and privacy commissioner, said sending personal information to the wrong recipient accounted for 20% of data breaches over the quarter.
“Organisations and agencies need the right cybersecurity in place, but they also need to make sure work policies and processes support staff to protect personal information every day,” Falk said.
Staff training can also help protect businesses from phishing, which was responsible for 20% of attacks over the quarter.
“Phishing is a common attack method that we are seeing all too often,” Adcock said. “Again, staff training can help inform employees on what to look for and how to spot a suspect email.”
But while mitigating against cyberattacks is the best method to avoid any potential damage to a business, Gallagher said it would also help to have cyber insurance to “pick up the pieces should something go wrong.”
“It is no longer a matter of ‘if’ your business will come under cyberattack, it is a matter of when the attack will occur and how damaging it could be,” Adcock said. “All businesses, no matter their size, industry, or if they fall under Mandatory Breach Notification legislation, should look to become more cyber aware, before it’s too late.”