TLDR


When sensitive or personal information is stolen, goes missing or is exposed, it can potentially harm innocent people and inflict severe reputational damage on an organisation. How the organisation responds is critical to ensuring the damage does not become irreparable. 

CANNINGS PURPLE WHITE PAPER

Data breach 

Privacy under attack

The threat to our data

Millions of Australians have lost control of their personal data as a result of notifiable data breaches. Three of Australia’s biggest data breaches occurred in the last 12 months.

Whether they were the result of malicious actions or negligence, individuals' details are potentially in the hands of cybercriminals, leaving them exposed to fraud and identity theft.

Cyber threats are evolving faster than any other risk management area, and business leaders must demonstrate they are taking these threats seriously.

Exposure alert

Is it a Notifiable Data Breach?

Notifiable data breaches in Australia

A data breach is notifiable when exposed information is deemed likely to result in serious harm to any individuals affected.

If a data breach is notifiable, any organisation or agency covered by the Privacy Act 1988 must notify every affected individual as well as the Office of the Australian Information Commissioner.

Organisations have 30 days to determine if a breach is notifiable. Communications to individuals must include recommendations about the steps they should take in response to the data breach.

Big business

What do cyber-criminals actually want?

Global average cost of a data breach in 2023: AUD$7 million, an all-time high for the report and a 15% increase over the last 3 years.

The most valuable information is personally identifiable, which is used to perpetrate identity fraud, fuel future phishing attacks or simply for financial gain.

Cybercrime is now a business, and a lucrative one at that.

IBM’s 2023 Cost of a Data Breach report revealed an average cost of $7 million per breach – a price tag that could potentially sink a small or medium business, or a not-for-profit organisation.

For that reason alone, malicious data breaches are not going anywhere.

Culture club

Security is a human problem

42% of all data breaches result from cyber security incidents

Malicious attacks are the cause of 70% of notifiable data breaches, largely through ransomware, compromised or stolen credentials, or phishing emails that have exposed company networks.

But few attacks start with forcible entry into networks or system weaknesses being aggressively exploited. Cybercriminals are largely opportunists.

The Cyberthreat Defense Report released by US firm CyberEdge earlier this year suggests that 82% of all cyberattacks involve the human element.

Make the call

An action plan is critical

It is inevitable that a privacy breach or cyberattack will result in a loss of trust. How quickly that trust is rebuilt comes down to response.

An effective data breach response plan should outline a strategy for identifying, containing, assessing and managing a data breach incident.

Consideration should be given to an organisation’s ability to communicate rapidly in a crisis, and across scenarios such as ransomware attack, privacy breach or supply chain breach.

Plan for a data breach crisis before you are in the middle of one.