The director-general of the Australian Signals Directorate has urged government organisations and businesses to treat cybersecurity with the same concern as financial performance, audits and risk.
Rachel Noble told The Australian Financial Review that organisations must prioritise data security, noting that leaders may be hesitant to delve into unfamiliar territory.
“Organisations must back up their data regularly, know how and where their data is stored and make sure it is kept up to date,” she said.
“Business and governments are still on a journey, as there can be a fear of technology among some senior leaders.
“Whoever is the key senior person responsible for the health and management of the network I would make sure has a direct line to the CEO.”
Her comments came shortly after the Office of the Australian Information Commissioner released a report on Notifiable Data Breaches (NDB), which revealed the number of data breaches from July to December 2019 increased by 19%.
According to the report, 537 breaches were notified under the NDB scheme, up from 460 in the previous six months. Malicious or criminal attacks (including cyber incidents) continued to be the leading cause of data breaches (64%), while data breaches caused by human error accounted for 32%.
The health sector remained as the highest reporting sector, notifying 22% of all breaches, followed by finance. Human error caused 43% of data breaches in health, compared to an average of 32% across all notifications. Most data breaches affected less than 100 individuals, with contact information remaining the most common type of personal information involved in a data breach.
Australian information commissioner and privacy commissioner Angelene Falk said the NDB scheme has encouraged organisations to take preventative action to combat data breaches and deliver best practice response strategies.
“Where data breaches occur, organisations and agencies must move swiftly to contain the breach and minimise the risk of harm to people whose information has been compromised,” she said on Friday.
Noble argued the leaders of organisations must also “be aware of their network environment and service provision” in cybersecurity agreements with third-party cybersecurity contractors.