In recent days, both Ticketek Australia and Ticketmaster have experienced breaches which have exposed customer details to hackers. They join a growing list of high-profile data breaches that have put the privacy of millions at risk.

For example, in 2022, Optus disclosed a breach of 9.8 million records. In 2023, Latitude, the Australian financial services firm, experienced a data breach of more than 14 million records.

My own university, the Australian National University, experienced a data breach of 200,000 records in 2018. Dan Murphy's, Football Australia, Microsoft, Nissan, Dell, Roku, Suncorp and Shell have all experienced breaches so far in 2024.

Despite advancements in technology and increased awareness of cybersecurity threats, companies continue to fall victim to breach attacks.

It may feel like these breaches are becoming more frequent, and that seemingly any firm is a data breach target waiting to happen. But the situation is not quite so clear-cut.

What happens in a data breach?

A data breach is an unauthorized access or disclosure of sensitive, confidential or private information: customer identities, payment methods, account details, purchase histories and so on.

Breaches can happen when cyber criminals exploit vulnerabilities in computer systems, networks, applications or physical security to gain unauthorized access to protected data. They can also access data when it's accidentally made available outside the organization, perhaps by an incorrectly addressed email or a lost USB memory stick.

Australia has actually seen a fairly steady rate of notifiable data breaches since 2020—around 450 every six months, according to the Office of the Australian Information Commissioner.

While these figures are higher than when the notifiable data breach program began in 2018, it's important to understand this is partly a consequence of requiring organizations to disclose breaches: the more you look for something, the more you're going to find it.

Even if the number of data breaches is not increasing significantly, the average cost and severity of these breaches has risen substantially. According to IBM, the average cost of a data breach was US$4.45 million (A$6.69 million), an increase of 15% over three years. So what's driving these increases?

This article is republished from The Conversation under a Creative Commons license. Read the original article.