Paradise lost: a decade of data breaches

19.04.2010
Do you think the moat around Australia extends around your business and hackers won’t target you? It doesn’t, and research says data breaches will be the elephant-in-the-conference-room at your next IT meet.

Australia has to date been sheltered from much of the painful data breach disclosure laws sweeping the world, and organisations here appear to have avoided the high-profile hacks that have plagued others over the last decade. But are we as lucky as it would appear?

No. For starters, the seas that girt Australia offer only illusory security, according to Gartner. Research vice-president Rich Mogull said Australian organisations are being hacked and losing data. “It’s just hidden,” Mogull said. Moreover, he said, we are in a worse position than others because of our close proximity to Asian countries where data breaches are rife.

A recent investigation into 16 organisations by privacy and data protection research firm, the Ponemon Institute, revealed that the average cost of a data breach incident in Australia is $2 million, or $123 per lost record. It equates to more than 16,000 lost records per breach. The most expensive single local breach topped $4 million, the cheapest went for $410,000, with 3300 to 65,000 records pinched or lost each time. Hacking was behind almost half of the attacks.

In March, that the account details of 42,000 St George Bank customers were sent to the wrong clients thanks to a glitch by outsourcer Salmat. The incident followed embarrassing admissions by Medicare to newspaper of 234 serious data privacy breaches by employees in 2007. Meanwhile, Federal Finance Minister Lindsay Tanner is preparing to review mandatory data breach disclosure laws as recommended by the Australian Law Reform Commission (ALRC) in its . The controversial changes are expected to be put on ice at least until the federal election has passed.

In the US, two-thirds of companies that suffered a major breach in 2009 had evidence of the intrusion in their logs but failed to notice it, according to a Verizon business risk team report covering 500 forensic data breach investigations.