The latest quarterly report released by the Office of the Australian Information Commissioner (OAIC) shows businesses with fewer than 1000 employees account for the majority of reported cyber breaches, with sole operators leading the pack.
The report found that the OAIC had been notified of 215 breaches from February to March 2019, a decrease from the previous quarter but with a significant upswing (19 reported breaches) in March.
While large organisations with thousands of staff recorded single-figure breaches, businesses with fewer than 100 employees accounted for 82 and sole operators for 65 of the 215 total. The potential impact of a cyber breach for small or micro enterprises could be terminal.
The human factor
The statistics show that 61% of breaches over the quarter were caused by a malicious or criminal attack, 35% were due to human error and 4% to a system fault.
“This latest report highlights that to limit cyber risk, it takes more than online or computer-based solutions,” Robyn Adcock, Cyber Technology Practice Leader at Gallagher, says.
“Regular staff training is a really important way to make sure your business is protected, as people are often the weakest link in the defence of a business.”
Many incidents in this quarter appear to have exploited vulnerabilities involving a human factor, such as a staff member clicking on a phishing email, or an attacker using social engineering or impersonation to fraudulently obtain access to personal information, the report notes.
Simple mistakes such as sending personal information to the wrong recipient and unintended releases of information made up 20% of data breaches over the quarter, making a strong case for businesses to place increased emphasis on staff training.
More than half (66%) of malicious attacks involved phishing, malware or ransomware, brute force attacks, or compromised or stolen credentials. Theft of paperwork or devices and bad actors within the company made up a significant 28%: another sign that businesses should look to their staff as a first step in cyber security.
Mitigating cyber attacks is the best way to avoid potential damage to a business, but cyber insurance can also help to pick up the pieces should something go wrong.
“All businesses, no matter their size, industry or if they fall under Mandatory Breach Notification legislation, should look to become more cyber aware, before it’s too late,” Adcock advises.
Gallagher can help businesses formulate preventative strategies, as well as deal with the impact of a data breach. Talk to a Gallagher cyber security specialist about how we can help you limit your cyber security exposure.