Data breaches are becoming more common

Cyberattacks often inflict millions of dollars in damage on organisations, eroding public trust in their ability to safeguard private information and attracting the scrutiny of regulators and investors.

Recent attacks on the Australian Parliament’s servers and Toyota Australia have elevated fears about Australia’s ability, or lack thereof, to defend its national security and local businesses against soaring cybercrime.

These fears are justified.  

Among nations in the Asia Pacific region, Australia not only suffers the greatest number of cyberattacks, but also bears the highest cost for an attack.

81% of Australian organisations face more than 5,000 cybersecurity alerts per day, far surpassing the global average of 33%. In addition, 52% of Australian organisations have claimed loss as between $1 million to $5 million USD, compared to only 23% in Japan and 25% in India.  

Among more serious attacks this year, the personal details of around 30,000 Victorian Government employees were stolen, and a ransomware attack on two Melbourne health clinics encrypted 15,000 patient files.

Millions of accounts and sensitive details became vulnerable to hackers, who corrupted the data or used it to commit offences such as identity fraud, blackmail and extortion.  

Reputational risk at an all-time high

Organisations regulated by the Australian Privacy Act 1988 are now required to notify the Office of the Australian Information Commissioner (OAIC) and all affected individuals when a data breach involving their personal information is likely to result in serious harm. This is called the Notifiable Data Breaches Scheme.

Data breaches such as the loss or theft of a device containing customers’ personal information, a database hack, or human error resulting in personal information mistakenly provided to the wrong person need to be reported.

This means businesses must promptly inform customers of a breach, alerting other stakeholders including regulators, investors, and the media at the same time.

If they are repeatedly exposed to the same risk, or delay informing customers of a risk, this will prolong negative media coverage and may turn a formerly competitive company into a ‘what-not-to-do’ case study for other businesses.  

For example, London telecoms company TalkTalk experienced a sustained data breach in 2015. They incurred AUD$77 million in business costs, AUD$733,915 in regulatory fines and lost 101,000 subscribers.

The writing is on the wall for organisations who manage personal information about their staff or customers. It is essential to be well equipped against cyberattacks and to ensure that any occurrences are communicated and managed effectively and transparently.

In the event of a data breach, the greatest risk to a company’s recovery is the haemorrhaging of stakeholders due to reputational damage and loss of confidence.

The Civic Group understands the importance of managing reputational risk. With a proven track record of risk management across government and private sectors, The Civic Group is well-placed to help your company prepare for risk management in the digital age. For more information email us at or call us on +61 439 452 431.