realestatebusiness logo

Subscribe to our newsletter

2 in 5 financial sector data breaches due to human error

Two in five data breaches in the financial services sector are attributable to human error, a new OAIC report has concluded.

The Office of the Australian Information Commissioner (OAIC) released its Notifiable Data Breaches Scheme 12-month Insights Report this week, which showed that the finance industry was the second-most prone to data breaches, following health.

Of the 1,132 total data breach notifications recorded between 1 April 2018 to 31 March 2019 – which represents the first 12 months of the mandatory data breach-reporting (NDB) scheme for businesses coming into effect – 138 were reported by financial services firms.  

Fifty-seven, or 41 per cent, of these breaches were attributable to human error, such as personal information being sent to the wrong recipient.

Meanwhile, 77, or 56 per cent, were due to malicious or criminal attacks, while just four, or 3 per cent, of the breaches were attributed to system faults.


“The consistent presence of the health and finance sectors at the top of the rankings throughout the year likely reflects the scale of data holdings, volume of processing activities and/or sensitivity of the personal information held by those sectors, as well as those sectors’ higher preparedness to report data breaches,” the OAIC report states.

“Both industries have also been subject to long‑standing information protection obligations (including duties of confidentiality and strict regulatory frameworks) which have likely contributed to their relative maturity and preparedness to meet obligations under the NDB scheme.”

Due to the accelerating threat of cyber attacks, the Australian Prudential Regulation Authority (APRA) created a cross-industry prudential standard, CPS 234, focused on the management of information security at regulated entities.

Coming into effect on 1 July 2019, the infosec standard requires authorised deposit-taking institutions, and other regulated entities, to:

  • “clearly define” information security-related roles and responsibilities
  • “maintain an information security capability commensurate with the size and extent of threats to their information assets”
  • implement controls and regularly test their effectiveness to protect assets (including those managed by related and third parties) from new threats
  • have “robust mechanisms” in place to detect and respond to information security breaches in a timely manner
  • notify APRA of information security incidents (that had a material impact or could have an impact on the entity or the interests of depositors, policyholders, beneficiaries or other customers) within 72 hours of becoming aware of them

The standard also stipulates that company boards are “ultimately responsible for ensuring that the entity maintains its information security”.

APRA has also been updating its Prudential Practice Guide CPG 234 Management of Information and Information Technology to help entities fulfil their requirements.

Another survey of 1,000 consumers, conducted by Roy Morgan and commissioned by Deloitte, revealed that consumer trust in the privacy practices of financial institutions had fallen the steepest over the last three years.

According to Deloitte’s Privacy Index 2019, the finance sector has dropped from first place in 2016 and 2017, and second place in 2018, to ninth in 2019.

“Financial services has seen the biggest loss in trust in privacy but is still in positive territory, meaning more consumers trust than distrust financial services brands with their personal information,” the report states. 

The IT sector was considered the most trustworthy when it comes to privacy, followed by real estate, travel and transport, and energy and utilities.

On the other hand, the report ranked the finance sector as the best-performing industry on one of the criteria in the study, with 94 per cent of finance apps providing a privacy policy.

[Related: Deloitte research paints dim picture of trust in banks]

2 in 5 financial sector data breaches due to human error

Latest News

Discover some of the top news stories impacting the mortgages space in this weekly wrap-up. ...

The financial watchdogs have remained wary of risks to the housing market as cash rate rises flow through to mortgage customers. ...

Australia’s household wealth has reached $14.9 trillion largely due to house price momentum, yet quarterly growth has continued its recent...


Join Australia's most informed brokers

Do you know which lenders are providing brokers and their customers with the best service?

Use this monthly data to make informed decisions about which lenders to use. Simply contribute to the survey and we'll send you the results directly to your inbox - completely free!

What is the maximum proportion of income borrowers should use to service a mortgage?

Website Notifications

Get notifications in real-time for staying up to date with content that matters to you.