Leading cause of data breaches is malicious intent. Credit: Getty Images Cyber attackers are increasingly setting their sights on multiple Australian targets at the same time, a new government report has suggested. According to the latest Notifiable data breaches report from the Office of the Australian Information Commissioner (OAIC), secondary notifications about breaches hit 121 in the six-month period between July and December 2023. This marked a 317 per cent rise between from the previous six-moth period of January to June, whereby only 19 such notifications were recorded. The OAIC also said the volume of secondary notifications may be indicative of the level of multi-party breach reporting or may relate to a primary notification received in a prior reporting period. In total, the July to December 2023 period saw 483 data breaches reported to the OAIC, up 19 per cent from the first half of the year. “The increased occurrence of incidents that affect multiple parties is a reason we are seeing data breaches grow in complexity, scale and impact,” said Australian Information Commissioner Angelene Falk. “Organisations need to proactively address privacy risks in contractual agreements with third-party service providers.” Malicious or criminal attacks remained the leading source of data breaches, accounting for 322 notifications, with the majority of those — 211 notifications — being cyber security incidents. Human error was the second major cause at 30 per cent, while system error took up just 2 per cent. The health and finance sectors remained the top reporters of data breaches, with 104 and 49 notifications respectively. Alarmingly, ransomware and compromised credentials were the second highest type of breach, both sitting at 27 per cent. Phishing took the top spot at 28 per cent. Hacking and malware took the next two spots with 10 and 5 per cent respectively, while brute physical force for credentials amounted to 3 per cent. “Organisations need to proactively address privacy risks in contractual agreements with third-party service providers. “This includes having clear processes and policies in place for handling personal information and a data breach response plan that assigns roles and responsibilities for managing an incident and meeting regulatory reporting obligations,” Falk added. Related content news Cloudflare recognises top APAC partner talent at Partner Awards The Missing Link Security, NTT Australia and Dicker Data all took home wins. By Sasha Karen 15 Aug 2024 2 mins Business Operations Industry Security news CrowdStrike bids farewell to A/NZ MD Brett Raphael resigns but says it's not due to the CrowdStrike incident By Lilia Guan 14 Aug 2024 3 mins Careers Security Vendors and Providers news Optus expands security offerings with Devo partnership Includes AI-driven monitoring cyber security. By Lilia Guan 12 Aug 2024 1 min Managed Service Providers Security Vendors and Providers news Huntress partners with CyberCert for SMB1001 certifications Huntress MSP partners will gain SMB1001 certifications and can also offer them to their customers. By Sasha Karen 07 Aug 2024 2 mins Managed Service Providers Security Vendors and Providers SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe