The revelation was published as part of the 12-month insights report put together by the Office of the Australian Information Commissioner, which has compiled an extensive amount of data during the first year of the scheme’s operation.
The report noted that malicious or criminal attacks accounted for 60 per cent of all breaches, followed by human error at 35 per cent, with system faults accounting for a mere 5 per cent of data breaches.
Across the legal, accounting and management services sector specifically, a total of one hundred breaches were recorded in the 12-month period from 1 April last year.
Human error accounted for 39 of the individual notifiable breaches, while 59 notifications were caused by malicious or criminal attacks.
Just two were a result of a system fault, it was said.
Health service providers and finance were the two sectors which made the highest number of notifications over the first twelve months of the scheme’s operation, and were the only two sectors with higher rates of data breach notifications than the legal, accounting and management space.
According to the report, the consistent presence of the health and finance sectors at the top of the rankings throughout the year likely reflects the scale of data holdings, volume of processing activities and/or sensitivity of the personal information held by those sectors, as well as those sectors’ higher preparedness to report data breaches.
Finance and health service providers have also been subject to long-standing information protection obligations (including duties of confidentiality and strict regulatory frameworks), it was noted, which has likely contributed to relative maturity and preparedness to meet obligations under the NDB scheme by relevant parties.
The report went on to explain that most breaches notified during the period impacted a small number of individuals, with 83 per cent affecting fewer than 1,000 people.
This was attributed to a possible prevalence of poor workplace practices by one employee, resulting in scenarios where dozens of records are breached, rather than high-volume data loss incidents from single system compromise.
“This points to the need for improved data handling practices at operational levels within entities,” it continued.