Over half of notifiable data breaches caused by human error
By Warwick Andersen, Rob Pulham and Keely O’Dowd
Following on from Friday’s blog, we have looked at a particular aspect of the Office of the Australian Information Commissioner’s Notifiable Data Breaches Scheme quarterly report in more detail.
Interestingly, the report revealed that just over half of the data breaches notified to the OAIC were caused by human error (for example, by incorrectly addressing an email). This suggests to us that organisations have an opportunity to mitigate the risk of a data breach occurring and, in turn, reduce the need to notify data breaches to the OAIC. While some cyber risks are outside of our control, human error is not.
Organisations can reduce the risk of suffering a data breach by having processes in place to mitigate the risk of human error and inadvertent disclosures occurring. This may include technology solutions, addressing cyber risk as part of an organisation’s enterprise risk management, regularly conducting privacy training with all staff and undertaking privacy impact assessments for high-risk projects.