The Australian government has entered the top five most breached industries for the first time according to the Office of the Australian Information Commissioner (OAIC).
Between July to December 2020, the Federal Government reported 33 data breaches to the commissioner, accounting for 6 per cent of all breaches in the latest Notifiable Data Breaches (NDB) report.
The numbers put the government in fifth place for the number of breaches, behind health, finance, education and legal respectively.
In the six-month period, the OAIC received 539 data breach notifications, an increase of 5 per cent on the previous six months.
The OAIC initially counted 518 breaches in its June report but has since revised the number to 512.
According to the OAIC’s report, 58 per cent of all data breaches were due to criminal activity, accounting for 310 notifications during the period.
Human error was responsible for 38 per cent of data breaches, while system fault was responsible for 25 notifications, or 5 per cent.
This marks a significant increase both in terms of the total number received – up 18 per cent – and proportionally – up from 34 per cent to 38 per cent of all notifications.
Although the OAIC has yet to “conclusively prove a link”, it noted the increase could be linked to the coronavirus pandemic shift to remote working arrangements.
“In the past six months, we saw an increase in human error breaches both in terms of the total number of notifications received – up 18 per cent to 204 – and proportionally – up from 34 per cent to 38 per cent,” commissioner Angelene Falk said.
“The human factor is also a dominant theme in many malicious or criminal attacks, which remain the leading source of breaches notified to my office.
“Organisations need to reduce the risk of a data breach by addressing human error – for example, by prioritising training staff on secure information handling practices.”
Once again, health service providers again notified the most data breaches, forming 23 per cent of any industry sector, followed by finance, which notified 15 per cent of all breaches.