Associations amongst sectors hardest hit by cyber breaches - new report

Associations have been revealed as one of the top five business sectors that have reported the most data breaches since the introduction of the national Notifiable Data Breaches scheme in February.

The Office of the Australian Information Commissioner (OAIC) released its first full quarterly report since the advent of the Notifiable Data Breaches (NDB) scheme revealing that Australian businesses had report 242 data breaches from April-June 2018, with 15 arriving from business and professional associations.

Associations saw the 5th highest amount of breaches of any sector falling behind health service providers, finance, legal, accounting and management services, and education.

John Apter, Gallagher's Association Relationships Manager, said that the highlights the importance of managing cyber risk for associations and their members.

“The report shows that associations and their members cannot afford to ignore their cyber risk,” Apter said. “The OAIC have found that attacks are becoming more commonplace for all businesses and these figures represent clear evidence that associations are not immune.”

Attack vectors

Of the 15 reported attacks, the OAIC report notes that 11 were from a malicious or criminal attack, three were based on human error and one was down to a system fault.

Cyber threatPhishing attacks were the most common criminal activity that led to a data breach for associations, the report states, while malware and stolen credentials also posed a risk.

Apter noted that while there were only three human error related breaches, the simplicity of the problem shows that cyber security is more than just a firewall.

“The three human error breaches occurred when personal information was sent to the wrong recipient,” Apter continued. “This really shows the importance of training and compliance to limit the risks that associations face.”

The ever-present threat of cyber breaches also make it imperative for associations to consider adding cyber insurance cover to their association insurance program.

"Although cyber insurance won’t in itself stop breaches from happening, it can help compensate your business for any lost income brought about by cyber attacks, or liability costs related to loss of customer data,” said Apter. "It’s a highly relevant and cost-effective product, which addresses a very real and growing threat."

If your association needs advice on cyber insurance or any aspect of its insurance program, contact Jamie Lansdown on 03 9412 1688 or email Our Association Insurance Guide is also available as a free download.

Download our association insurance guide here 

Access1st blog
Access1st mailing list