Preparing for new Australian data protection regulations

Embarrassing data breaches and crippling cyberattacks

During 2016, Australia recorded the highest number of data breaches in the Asia-Pacific region, affecting some high-profile organisations such as the Australian Red Cross Blood Service and Australian Bureau of Statistics. Several large-scale cyberattacks also made world headlines in the first half of 2017: the WannaCry ransomware outbreak on 12th May 2017 hit traffic cameras in Australia, and the Petya assault from just a few days ago brought production at Cadbury factories to a standstill.

Significant organisational impacts

These incidents prove that organisations of all sizes are at risk from cyberattacks that can lead to data loss and have a significant impact on a company's reputation, resulting in lost business and substantial remediation costs. Ponemon Institute and IBM recently reported the average cost of an Australian data breach to be around AUD139 per compromised record, with malicious incidents making up 48 per cent of data breaches, negligent employees causing 28 per cent, and IT problems accounting for the remaining 24 per cent.

Mandatory data breach notifications

The majority of those breaches can be fixed easily as long as organisations implement basic safeguards to protect their infrastructure, data and email systems, supported by a comprehensive data breach response plan. A data breach notification plan supports the organisation's ability to remediate a breach quickly. With new data breach notifications becoming mandatory from February 2018, organisations will be required by law to notify the Office of the Australian Information Commissioner (OAIC) in the event of an 'eligible data breach'. Non-compliance with the laws would see the Information Commissioner investigating data breaches and enforcing penalties of up to AUD1.8 million.

International alignment

This new legislation brings Australia into alignment with the US and European Union and provides Australians with greater clarity about the privacy of their personal information, including sensitive data in email.

Protecting email

Email is a critical business communication tool and by its nature contains personal information stored in mailboxes and data archives. However, spear-phishing, ransomware, and impersonation attacks are plaguing organisations, with 90 per cent of phishing attacks starting with email, making it the single biggest threat vector to businesses and the data they manage.


