Human Error Remains Key Cause Of Notifiable Data Breaches


Human error remains a key cause of notifiable data breaches, according to the latest quarterly report from the Office of the Australian Information Commissioner (OAIC).

While malicious or criminal attacks are still the largest source of notifiable data breaches (NDBs), accounting for 57%, human error is second, with cyber incidents exploiting human vulnerabilities, for example by encouraging people to click on phishing emails or disclose passwords.

Gerry Power, Head of Sales at Cyber Insurer Emergence, said: “The continued propensity for human error to cause NDBs is a disturbing insight because it shows businesses are not educating staff enough on how to identify phishing emails or handle personal information appropriately.”

Source: Emergence

Human Error and Data Breaches

Human error accounted for 37% of data breaches in the latest report. Emailing personal information to the wrong recipients was the most common human error data breach (12%). The second most common was failing to use the BCC function when sending group emails, which affected an average of 494 people per breach.

Gerry said the healthcare industry continued to be the worst-performing sector, recording 18% of data breaches, with human error responsible for more than half of those. “That gives an insight into why some cyber insurers will not write the healthcare industry for data breaches,” he said.

The finance sector was the second-worst performing industry for the second consecutive quarter, with 14% of breaches.

The legal, accounting and management services sector was a close third. Gerry said Emergence’s claims data backed that up. “The accounting profession is a honeypot of data for cyber criminals,” he said.

Notifiable Data Breaches Scheme

The NDB scheme was introduced on 22 February 2018 and, since then, OAIC has had 550 notifications, including 245 in the July-September quarter. That compares to only 114 notifications in the 12 months before the scheme’s launch.

As knowledge of the NDB scheme increases in the business community, the number of known data breaches will continue to rise.

Education is the key to reducing the human error element of NDBs.

Emergence conducts in-house education sessions, online seminars, and a social media program to educate brokers and their clients about the need for diligence and risk management to avoid data breaches and cyber attacks.

The increasing rate of notifications highlights the need for cyber insurance. Emergence’s cyber policy gives insureds 24/7 access to an Australian-based incident response team of experts who understand the importance of immediately mitigating potential threats to insureds’ businesses.

Emergence’s policy includes cover for reporting data breaches to OAIC, regulatory investigations, and costs of communicating data breaches to affected individuals.

“A cyber policy is part of every successful business’s risk management framework. Cyber insurance is not the first line of defence; it is designed to protect a business when its IT security, policies, and procedures fail to stop an attack,” Gerry said.

Organisations can reduce the potential for NDBs through risk management practices such as:
• Employee training, including strong password protection strategies and raising awareness about the importance of protecting personal information
• Restricting administration privileges
• Conducting daily backups
• Continuously patching operating systems and software
• Implementing multi-factor authentication.

Emergence is a pioneer of cyber cover in Australia and provides protection for SMEs through to ASX-listed entities.


Please note: Cyberliabilitycomparison.com.au Insurance News is an information service sometimes provided by third parties. Insure 247 Australia doesn’t warrant the accuracy of any information contained therein; readers should make their own enquiries before relying on information in the stories.

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs.

The importance of cyber insurance

Why is cyber insurance important?

Cyber-attacks or data breaches can take many forms, from deliberate attacks to technology issues or simple negligence. As modern business is reliant on computer systems and networks, a breach of data or a shut-down of service can have a major impact on your business with many small businesses unable to operate afterwards.

Cyber Insurance can help in the event of a breach

Small businesses are particularly vulnerable to cyber-attacks of all kinds, which can be very costly. Aside from the cost of notifying your customers, you may also face costs for PR, credit monitoring, investigation response and compliance-related activity, compensation for affected customers and engaging experts.

Most of these costs aren’t covered by normal business insurance, which is why it is important to speak to your insurance broker to make sure you are covered in case of a breach or attack.

Information provided by Know Risk.
