Written by: Liam Benson
Published on: May 15, 2025
Category: Cyber Security
You might have heard that cyber threats are on the decline, and it’s tempting to believe we’re finally getting ahead of the curve. But the reality? The OAIC Notifiable Data Breaches Report (July to December 2024) paints a different picture.
While the report details 595 notifiable data breaches in the second half of 2024 (up from 518 in the first half), it’s critical to understand that this represents only a fraction of the actual activity.
The OAIC report covers only the notifiable data breaches that were officially reported, and not every data breach is legally required to be reported. In fact, based on industry experience and regulatory trends, it’s estimated that only around 20% of breaches are ever reported. So, while the numbers in the report may appear “low,” they represent just a slice of the real picture.
The truth is, we simply don’t know how many data breaches actually occurred between July and December 2024. However, if this 20% estimate holds, the real number could exceed 2,000 incidents.
These figures aren’t just statistics, they’re signals.
Signals that cybercrime isn’t slowing down. It’s accelerating.
Here are the TL;DR (Too Long; Didn’t Read) insights from the report:
(that mean something – not just meaningless statistics with no context)
It’s easy to imagine hackers in dark rooms as the primary threat, but the more pressing danger often sits within your organisation. The report highlights 27 incidents caused by insider threats, and these aren’t just malicious employees. They include accidental actions, inadequate access controls, and management oversights that expose data.
One misconfigured setting. One disgruntled staff member. One email sent to the wrong person. That’s all it takes.
Whether or not you’re implementing AI to improve operations, cybercriminals are using it to automate, scale, and personalise attacks. They’re creating deepfake videos, writing convincing phishing emails, and launching real-time voice impersonations—all with minimal effort.
The OAIC report shows 84 phishing-related breaches and 51 stemming from compromised or stolen credentials. It’s clear that AI is reshaping the threat landscape, and most businesses aren’t prepared for it.
Whether you're in healthcare, finance, law, retail or government, you're handling information criminals want. Full names, birth dates, Medicare numbers, and client contact lists are a currency on the dark web. Once stolen, this data can be used to impersonate others, apply for loans, redirect payments, or commit more serious crimes.
Breaches involving ransomware typically affected over 26,000 individuals per incident. In some cases, these numbers represent not just reputational risk but legal and financial fallout for years to come.
You don’t need a security degree to protect your business. You need your people to think twice before clicking, posting, or sharing. What is the most common error behind breaches? A human mistake.
According to the OAIC report:
- 170 breaches were caused by human error.
- Most involved unauthorised disclosure or sending info to the wrong person.
- These breaches had a median impact of just 1 person, but some affected hundreds.
The fix? Make training frequent, and make it stick.
We’ve seen it firsthand: the more often teams complete cyber awareness training, the sharper and more alert they become. It sounds simple, but the impact is real. Across our own client base, we’ve observed a measurable drop in staff falling for phishing simulations, just by making training regular and engaging.
When training isn’t an annual checkbox exercise but a cultural norm, people start spotting threats before they become disasters.
We’re not here to scare you. But the stats speak for themselves.
We want to make it clear: you have a choice.
Indecision is a decision.
You can wait and hope it never happens to you. Or you can take a simple, smart step now that could save you months of crippling stress and financial pain.
And honestly? For many businesses we speak to, the biggest blocker isn’t unwillingness, it’s uncertainty. We find most leaders don’t know where to start.
And that’s completely fair. Cyber can feel overwhelming, technical, and full of grey areas.
However, ignoring it doesn’t make the risk disappear.
At EvolveCyber, we’re not here to sell you a long-term contract. Our mission is straightforward: to minimise the impact of cyber breaches on businesses that store and manage sensitive data.
That starts with a one-off cyber risk review, an objective, third-party check to see if your house is in order.
But here’s the truth:
A business that’s 95% protected will consistently outperform one that’s sitting at 60%.
60% beats 40%. And 40% beats doing nothing.
It’s a sliding scale of risk, and every step forward matters.
It’s not about being perfect. It’s about knowing where you’re exposed and fixing it before someone else forces you to.
However, you need to identify your areas of weakness.
It’s not about being perfect. It’s about knowing where you’re exposed—and fixing it before someone else finds it.
That’s what an independent review gives you: clarity, objectivity, and a clear plan.
🔍 Book your once-off cyber assessment today
You now have a choice. Make the call while it’s yours to make.
Or wait, and be forced later.
One will cost significantly more than the other.
The ball’s in your court.