The Office of the Australian Information Commissioner’s (OAIC) last quarterly report revealed that businesses with fewer than 1,000 employees account for the majority of reported cyber breaches, prompting a Gallagher cyber specialist to warn organisations of all sizes to “be more cyber aware, before it’s too late.”
OAIC said it had been notified of 215 breaches from February to March 2019 – a decrease from the previous quarter’s 262 – with businesses with fewer than 100 employees and sole operators accounting for 82 and 65 of the total breaches respectively.
Large organisations with thousands of staff, in comparison, recorded single-figure breaches.
Many of the incidents exploited human vulnerabilities, such as staff clicking on a phishing email, or used social engineering or impersonation to fraudulently gain access to personal information.
Gallagher said the report also highlighted the need for more staff training, as 44% of data breaches were due to simple mistakes such as sending personal information to the wrong recipient and unintended releases of information.
Meanwhile, 66% of breaches were malicious attacks involving phishing, malware or ransomware, brute-force attacks, compromised or stolen credentials, or theft of paperwork or devices. Bad actors within the company accounted for a further significant 28% of the breaches.
“This latest report highlights that to limit cyber risk, it takes more than online or computer-based solutions,” said Robyn Adcock, cyber technology practice leader at Gallagher. “Regular staff training is a really important way to make sure your business is protected, as people are often the weakest link in the defence of a business.”