Notifiable Data Breaches Report 2024 – A Clear Indication of the Importance of Cybersecurity

September 20, 2024

The Office of the Australian Information Commissioner’s latest statistics are a clear indication of not just the importance of cybersecurity for Australian businesses, but also how cyberattack numbers are continuing to increase year by year.

Some of the key points from the Notifiable Data Breaches Report 2024 are:

  • Data breach notifications are up 9% compared to the previous period of July – December 2023.
  • Health Service Providers are the top sector affected by data breaches, with Australian Government in second spot.
  • 63% of data breaches affected 100 people or fewer.
  • 67% of data breaches were via malicious or cybercriminal attacks.
  • 30% of data breaches were via human error.
  • Phishing is the number one type of cyberattack successfully implemented by cybercriminals.

This is just a snapshot of the full report, with the document providing incredible insight into just how vulnerable Australian businesses still are presently in the current digital climate.

Let’s take a deeper look into the Notifiable Data Breaches Report 2024, to provide Australian businesses with the insight and knowledge they need to best keep their companies safe.

What is the Notifiable Data Breaches Report 2024?

graphic of a bright blue cybersecurity padlock symbol

Firstly, what is the Notifiable Data Breaches Report 2024?

Why exactly is it so important for Australian businesses?

As Adept IT Solutions has previously reported, Australians have already lost over $17 million to cyber scams in just 6 months during 2024. This report, however, focuses on the Australian business landscape. The Notifiable Data Breach Scheme, launched in 2018, applies to all businesses under the Australian Privacy Act 1988 and outlines a responsibility to notify individuals affected by a data breach.

The Notifiable Data Breaches Report is then created, with information and data sourced from 6-month periods to provide insight into the digital landscape of Australia.

Key Findings from the Notifiable Data Breaches Report 2024

The first key finding from the report was that from January to June this year, the OAIC received 527 data breach notifications. This is the highest number of notifications received since the July to December 2020 period and, alarmingly, is an increase of 9% compared to the previous 6 months.

While 63% of data breaches affected 100 or fewer people, one incident that was reported affected over 10 million Australians. This is the second data breach recorded to affect more than 10 million Australians and is the highest number of individuals affected by a breach since the Notifiable Data Breach Scheme came into effect.

number codes matrix like with cyber attack text in centre

Human error accounted for 30% of data breach sources. This serves as yet another reminder of the importance of cybersecurity awareness training for staff within Australian businesses.

Phishing was the primary source of cyberattacks that resulted in data breaches for businesses, with 31% of cases occurring via this method. Ransomware was next on the list, with 24% of cases. This shows that over half of all cyberattacks are coming from just two sources, showing how significant the two are in the digital landscape.

Ultimately, whilst all these statistics are insightful and provide perspective on just how the landscape of cybersecurity is for Australian businesses currently, the message is unmistakable from the OAIC. There is now a clear expectation for businesses and entities to comply with their obligations.

Carly Kind, Australian Privacy Commissioner provided a clear indication of the expectations that are now placed upon Australian businesses, and further emphasises just how important it is to implement robust cybersecurity practices within your organisation.

It is no longer acceptable for privacy to be an afterthought; entities need to be taking a privacy-centric approach in everything they do

Carly Kind, Australian Privacy Commissioner

Next Steps for Businesses Looking to Improve Cybersecurity

The Notifiable Data Breaches Report for 2024 has made it abundantly clear that cybersecurity is no longer an option but a necessity for businesses of all sizes. With the report highlighting a significant rise in data breaches due to inadequate security measures, it’s crucial for companies to reassess their approach to data protection and invest in robust Managed IT support and Services to safeguard sensitive information.

Here are some actionable steps businesses should take based on the report’s findings:

multi-factor authentication person holding phone with password in front of laptop

Implement Multi-Factor Authentication (MFA)

One of the key takeaways from the Notifiable Data Breaches Report is the role of compromised credentials in data breaches. Implementing Multi-Factor Authentication (MFA) can significantly reduce the risk of unauthorised access to critical systems and data. MFA adds an extra layer of security by requiring users to verify their identity through multiple methods, making it much harder for cybercriminals to breach the system. This is a simple yet effective step that businesses can adopt with the guidance of their IT services provider.

Invest in Employee Training and Awareness

Human error remains a significant factor in data breaches, as highlighted in the 2024 Notifiable Data Breaches Report. Phishing attacks and poor password practices continue to plague organisations. To mitigate this risk, businesses should invest in comprehensive cybersecurity training programs. These programs, supported by IT services professionals, should educate employees about recognising phishing attempts, creating strong passwords, and reporting suspicious activities. Regular training sessions and updates can empower employees to become the first line of defence against cyber threats.

Partner with a Trusted Managed IT Services Provider

Finally, businesses should consider partnering with a reputable Managed IT Services provider to handle their cybersecurity needs. The complexity of modern cyber threats requires specialised expertise and resources that many businesses may not have in-house. A Managed IT Services provider can offer continuous monitoring, advanced threat detection, and incident response capabilities, ensuring that businesses are well-protected against potential data breaches.

Contact Adept IT Solutions Today for Enhanced Cybersecurity

Adept IT Solutions, a local IT Support provider with over 20 years of experience in the Newcastle, Central Coast and Sydney areas, is a fantastic choice for Australian businesses looking for a reliable MSP.

Alongside an extensive list of services, Adept IT Solutions can provide robust cybersecurity systems to take your business to the next level.

To get in touch with the team today, please contact us at 1300 423 378 or email us at info@adept-it.com.au. We look forward to hearing from you and helping support your business stay protected.

Check out our other articles

graphic of a padlock resting on a motherboard to promote cyber awareness month in 2024

FREE Cybersecurity Awareness Kit