2 in 5 financial sector data breaches due to human error

Two in five data breaches in the financial services sector are attributable to human error, a new OAIC report has concluded.

The Office of the Australian Information Commissioner (OAIC) released its Notifiable Data Breaches Scheme 12-month Insights Report this week, which showed that the finance industry was the second-most prone to data breaches, following health.

Of the 1,132 total data breach notifications recorded between 1 April 2018 and 31 March 2019 – the first 12 months in which the mandatory Notifiable Data Breaches (NDB) scheme applied to businesses – 138 were reported by financial services firms.


Fifty-seven, or 41 per cent, of these breaches were attributable to human error, such as personal information being sent to the wrong recipient.

Meanwhile, 77, or 56 per cent, were due to malicious or criminal attacks, while just four, or 3 per cent, of the breaches were attributed to system faults.

“The consistent presence of the health and finance sectors at the top of the rankings throughout the year likely reflects the scale of data holdings, volume of processing activities and/or sensitivity of the personal information held by those sectors, as well as those sectors’ higher preparedness to report data breaches,” the OAIC report states.

“Both industries have also been subject to long‑standing information protection obligations (including duties of confidentiality and strict regulatory frameworks) which have likely contributed to their relative maturity and preparedness to meet obligations under the NDB scheme.”

Due to the accelerating threat of cyber attacks, the Australian Prudential Regulation Authority (APRA) created a cross-industry prudential standard, CPS 234, focused on the management of information security at regulated entities.

Coming into effect on 1 July 2019, the infosec standard requires authorised deposit-taking institutions, and other regulated entities, to:

  • “clearly define” information security-related roles and responsibilities
  • “maintain an information security capability commensurate with the size and extent of threats to their information assets”
  • implement controls and regularly test their effectiveness to protect assets (including those managed by related and third parties) from new threats
  • have “robust mechanisms” in place to detect and respond to information security breaches in a timely manner
  • notify APRA of information security incidents (that had a material impact or could have an impact on the entity or the interests of depositors, policyholders, beneficiaries or other customers) within 72 hours of becoming aware of them

The standard also stipulates that company boards are “ultimately responsible for ensuring that the entity maintains its information security”.

APRA has also been updating its Prudential Practice Guide CPG 234 Management of Information and Information Technology to help entities fulfil their requirements.

A separate survey of 1,000 consumers, conducted by Roy Morgan and commissioned by Deloitte, found that consumer trust in the privacy practices of financial institutions had fallen more steeply than in any other sector over the last three years.

According to Deloitte’s Privacy Index 2019, the finance sector has dropped from first place in 2016 and 2017, and second place in 2018, to ninth in 2019.

“Financial services has seen the biggest loss in trust in privacy but is still in positive territory, meaning more consumers trust than distrust financial services brands with their personal information,” the report states.

The IT sector was considered the most trustworthy when it comes to privacy, followed by real estate, travel and transport, and energy and utilities.

On the other hand, the report ranked the finance sector as the best-performing industry on one of the criteria in the study, with 94 per cent of finance apps providing a privacy policy.

Tas Bindi

Tas Bindi is the features editor on the mortgage titles and writes about the mortgage industry, macroeconomics, fintech, financial regulation, and market trends.

Prior to joining Momentum Media, Tas wrote for business and technology titles such as ZDNet, TechRepublic, Startup Daily, and Dynamic Business.
