Comes amid a decline of 16 per cent in overall data breach notifications.

Data breach notifications stemming from ransomware are on the rise, increasing by 24 per cent in the six months to June 2021 compared to the previous six months.



The Office of the Australian Information Commissioner (OAIC) received 46 notifications for breaches of this type during the period, out of 446 data breach notifications in total, according to the Commission’s Notifiable Data Breaches Report: January–June 2021.

The overall total is down by 16 per cent from the July to December 2020 period, which saw 539 data breach notifications.

“We know from our work and from the Australian Cyber Security Centre that ransomware attacks are a significant cyber threat,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said.

“The nature of these attacks can make it difficult for an entity to assess what data has been accessed or exfiltrated and because of this we are concerned that some entities may not be reporting all eligible data breaches involving ransomware.

“We expect entities to have appropriate internal practices, procedures and systems in place to assess and respond to data breaches involving ransomware, including a clear understanding of how and where personal information is stored across their network.”

Across all breaches, the industry with the highest number was health services with 85, followed by finance with 57; legal, accounting and management services with 35; and insurance and the Australian government with 34 each.

Breaches caused by human error fell from 38 per cent in the previous report to 30 per cent, a drop that was notable across all of the top five industries save for the Australian government, where human error accounted for 74 per cent of breaches.

“Human error remains a major source of data breaches. Let’s not forget the human factor also plays a role in many cyber security incidents, with phishing being a good example,” Falk added.

“Organisations can reduce the risk of human error by educating staff about secure information handling practices and putting technological controls in place.”