Australia’s mining and manufacturing sectors are taking too long to discover cyber breaches, with new figures revealing delays that could stretch over a year before a breach is discovered.
Data compiled by industrial cybersecurity team Secolve and obtained under Freedom of Information laws shows 187 data breaches were reported across the two sectors since 2018, impacting the personal data of as many as 3.6 million people, ABC News reported.
The figures show that one operator failed to identify a breach for 520 days, then waited another 84 days before filing a report with the Office of the Australian Information Commissioner (OAIC).
Mining and manufacturing companies that detected security breaches were also slow to notify the regulator, taking an average of 39 days to report incidents once detected.
Seven data breaches took more than a year to be identified and reported to the OAIC.
Secolve’s analysis found that more than nine in 10 breaches in the mining and manufacturing sectors come from malicious or criminal attacks, far above the national average. Malware-related attacks took an average of 146 days to detect.
The Minerals Council of Australia said its members responded in “a timely manner” to regulatory requirements, including in relation to critical data breaches.
Regulators have sought to increase transparency in relation to cyberattacks. The OAIC launched a new dashboard tracking the five sectors most impacted by data breaches, but mining and manufacturing are not included in that dashboard.
Miners and manufacturers may not deal directly with consumers, but they still hold large volumes of employee and contractor data. More than half of the reported breaches, 53 per cent, exposed financial information, and 40 per cent included tax file numbers.
Macquarie University Cyber Security Hub executive director Dali Kaafar said the data highlighted a “critical weakness” in Australia’s data breach regime.
“The real takeaway here is how long it’s taking some operators to detect and report breaches. That delay is not just procedural, but it increases the harm,” Professor Kaafar said.
