Cyber criminals target insurance

The insurance industry is increasingly being targeted by data thieves, according to the latest data breaches report from the Office of the Australian Information Commissioner (OAIC).

The sector reported 35 breaches in the six months to June, the fourth-highest for the period, and for the first time joined the list of the five sectors with the most cases.

The health sector remains the industry with the most breaches, with 115 notifications or 22% of the cases reported. Finance was second (15%), followed by education (8%), insurance (7%) and legal, accounting and management services (5%).

The OAIC says in its Notifiable Data Breaches report that 28 of the 35 insurance industry cases were malicious or criminal attacks and the remaining seven were the result of human error.

Eight of the malicious or criminal attacks were defined as a “cyber incident”, with two phishing breaches, three cases of compromised or stolen credentials, one ransomware detection and two reports of brute-force attacks.

In a brute-force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data, for example passwords.

The other 20 malicious or criminal attacks were linked to social engineering or impersonation, where perpetrators rely heavily on human interaction to manipulate their targets into breaking normal security procedures and best practices in order to gain access to systems, networks or physical locations.

The total number of data breaches reported in the first half of this year by all sectors increased 16% to 518 cases from a year earlier but was down 3% from the December half.

Cyber incidents made up 69% of malicious or criminal attacks, which dominated the number of data breaches notified during the period, accounting for 61% of the overall cases.

Most of the cyber incidents were linked to phishing (36%), followed by compromised or stolen credentials (25%), ransomware (15%) and hacking (13%).

The OAIC says the rise in ransomware attacks to 33 from 13 in the December half is a concern.

Law firm Clyde and Co Senior Associates Sophie White and Reece Corbett-Wilkins say there has been a rise in clients seeking help with ransomware attacks, particularly with legal and reputational issues.

“The complexity around the forensic investigations of ransomware incidents means that it can take some time for a business to determine what data has been accessed and in some cases taken from their environment,” they told

“This means companies hit by ransomware have to act fast to manage their response, which in some cases includes engaging with threat actors and paying demands – which can exceed tens of millions of dollars in larger scale matters.”