Notifiable Data Breaches first Quarterly report released

Human error is as great of a cyber risk as a malicious attack

The Office of the Australian Information Commissioner (OAIC) has released its first quarterly (Jan-Mar) report into notifiable data breaches, which shows 63 reported breaches since the scheme began on 22 February 2018.

This statistic indicates the scheme is average more than two notifications every business day after just 38 days.

The first snapshot reveals that human error is as great of a cyber risk as a malicious attack. Human error triggered almost half of the breaches reported, while malicious attacks involving the theft of personal information or cyber security incidents were mostly responsible for the other half. Human error may include inadvertent disclosures, such as by sending a document containing personal information to the incorrect recipient.

This highlights the importance of investing in training in the workplace and internal communication to mitigate the cyber risk.

This was closely followed by malicious or criminal attacks as the source of the data breach. Malicious or criminal attacks usually involve the theft of personal information, or cyber security incidents resulting from unauthorised access to an entity’s systems.

Key statistics from the first quarterly report include:
  •           Top five sectors that notified the OAIC of eligible data breaches included health service providers (24 per cent of notifications), legal, accounting and management services (16 per cent), finance (13 per cent), private education (10 per cent), and charities (6 per cent).
  •           78 per cent of eligible data breaches were reported to involve individual’s contact information. 33 per cent were reported to involve health information and 30 per cent to involve financial details.
  •           51 per cent of the eligible data breach notifications received indicated that the cause of the breach was human error. 44 per cent of breaches were reported to be the result of malicious or criminal attack, and 3 per cent the result of system faults.
  •           59 per cent of data breach notifications reported that the personal information of between one and nine individuals was affected. 90 per cent of data breach notifications related to breaches involving the personal information of less than 1,000 individuals.


There is no such thing as an impenetrable system; this is why in today’s digital age Cyber Insurance is a must for your business to mitigate your exposure in the event of a cyber-attack.

In the event of a serious data breach, cyber insurance may provide financial protection for your business. Policies can cover losses arising from hacking, human error or accidental loss of client information, including the costs associated with cyber response and business interruption.

CRM Brokers will work with you to find the right policy that mitigates your potential exposure from this emerging risk,  call us on 1300 880 494, or alternatively complete our online quotation form, click here to start.


Stay Informed – Connect with us on LinkedIn
Important Notice

This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to it before acquiring the product.

Information is current as at the date the article is written as specified within it but is subject to change. CRM Brokers make no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of CRM Brokers.