Financial services data breaches fall

John Kavanagh

Data breaches reported by the financial services industry fell last year, providing some evidence that the work by banks and other financial institutions to improve cyber security is getting results.
 
According to the Office of the Australian Information Commissioner’s latest Notifiable Data Breaches Report, there were 483 notifications between July and December - a 19 per cent increase compared with the six months to June 2023.
 
However, over that period breaches reported by financial services companies fell 9 per cent to 49. And over the 12 months to the end of 2023, breaches reported by financial services companies fell 28 per cent.
 
The OAIC said 67 per cent of all data breaches in the six months to December were the result of malicious or criminal attack, and 44 per cent resulted from cyber security incidents. The types of cyber security incidents included phishing, stolen or compromised credentials, ransomware, hacking and malware.
 
Other breaches were the result of system error and human error.
 
Breaches affecting 100 or fewer individuals made up 65 per cent of notifications. Twenty-nine breaches affected 10,000 or more individuals.
 
The OAIC said rapid detection helps limit the impact of breaches. Around two-thirds (64 per cent) of breaches were identified within 10 days, but 23 per cent were identified more than 30 days after they occurred.