Australian businesses unprepared for data breach surge

New research finds that two-thirds of organisations in Australia are inadequately prepared to deal with cyber-security incidents, despite recent rises in data breach activity.

Incidents of data loss and theft of private information rose by 78.68% in 2018 compared with 2017, while data breaches experienced through third-party providers and suppliers increased by 74.3%, according to the 2018/2019 BDO and AusCERT Cyber Security Study.

In the same time period, data breaches via third-party providers and suppliers also went up by 300% for professional and technical service organisations, while data loss and theft of confidential information experienced in the same sector increased by 670%.

Respondents in the survey also revealed a significant increase in suspected attacks from overseas governments. Around 64% of the attacks were said to be down to malicious activity, and 33% were caused by human error.

Most of the organisations in the study said they were confident in their ability to meet the compliance standards currently in place in Australia, yet 66% of firms said they had no predefined plan or the ability to contain, entirely remove and recover from breakdowns in cybersecurity.

The average cost of a data breach for an organisation in Australia currently stands at nearly US$2 million, a huge financial risk that helps to explain why 86.4% of organisations surveyed said they intend to have a cyber-security awareness programme implemented within the next year. The corresponding figure is 84.8% for organisations that intend to put cyber-security risk assessments in place by 2020.

Data breaches at Dell, HealthEngine and PageUp have taken up headline space in Australia recently, highlighting inherent vulnerabilities in the security systems of some of the country’s biggest and most trusted data handlers. The breach incidents have contributed to calls for greater investment in cyber-security awareness throughout the nation, as well as in incident management in professional services.

Besides the financial implications of a cyber breach, organisations can expect to suffer reputational damage as a result of data protection failures. A recent Gemalto study found that consumers Down Under are more likely than citizens in other countries to stop dealing with a company in retail, finance or healthcare, should those companies experience a data breach. Over two-thirds of citizens surveyed said they would go elsewhere if financial and other sensitive details were lost by, or stolen from, the firms they relied upon.

Cybersecurity expert Leon Fouche urged all industries to increase their efforts to educate employees on cybersecurity through better training, so that people are able to take a stronger stance on the data protection landscape.

“While recent compliance regulations have boosted data breach notification numbers and industry leaders have endorsed the implementation of more comprehensive resilience measures, many Australian organisations do not have the capability to detect a breach or respond to it in a manner that contains cost and reputational damage,” Fouche said.

“Sophisticated cyber-attacks and data breaches sit alongside weapons of mass destruction and natural disasters in terms of their ability to disrupt and damage; however, in many business cases, the focus on preventative measures has far outweighed response or incident management.

“Every organisation should have a pre-defined plan, which is regularly tested, to ensure that everyone in the organisation knows what to do and how to respond to cyber security incidents,” he continued.

