Data Breach Surge Hits Record High in Australia
Australian businesses and government agencies reported an unprecedented 1,113 data breaches in 2024 - the highest annual total since mandatory reporting began in 2018, according to the Office of the Australian Information Commissioner (OAIC).
The latest statistics show that 595 data breaches were reported to the OAIC from July to December 2024, contributing to the year's total. The annual figure represents a significant 25% increase from the 893 notifications recorded in 2023.
"The trends we are observing suggest the threat of data breaches, especially through the efforts of malicious actors, is unlikely to diminish, and the risks to Australians are only likely to increase," warned Australian Privacy Commissioner Carly Kind.
"Businesses and government agencies need to step up privacy and security measures to keep pace."
The Australian experience mirrors global trends identified in Pentera's 2025 State of Pentesting survey, which found that 67% of enterprises worldwide reported security breaches in the past 24 months. The impact of these breaches has been substantial, with 76% of Chief Information Security Officers (CISOs) reporting significant consequences including unplanned downtime (36%), data exposure (30%), and financial loss (28%).
Malicious and criminal attacks continue to be the primary source of breaches in Australia, accounting for 69% of notifications in the second half of 2024, with cyber security incidents representing 61% of those attacks. The OAIC has specifically highlighted phishing and social engineering/impersonation as common attack methods requiring increased vigilance.
Health service providers and the Australian Government reported the highest number of data breaches (20% and 17% respectively), demonstrating that both private and public sectors remain vulnerable to attacks.
In response to these escalating threats, enterprises globally are investing heavily in security measures. According to Pentera's survey, U.S. companies allocate an average of $US187,000 annually to penetration testing alone – representing 11% of their total IT security budgets, which average $US1.77 million.
The OAIC report also highlights that government agencies continue to lag behind the private sector in identifying and notifying data breaches promptly, despite some improvements.
"Time is of the essence with data breaches as the risk of serious harm often increases as days pass. Timely notification ensures people are informed and can take steps to protect themselves," Commissioner Kind emphasized.
As data breaches continue to rise in Australia and globally, organizations face mounting pressure from both regulators and insurers to strengthen their security posture. Pentera's survey found that 59% of enterprises have adopted at least one new security solution at the request of their cyber insurance provider – highlighting how financial incentives are increasingly driving security investments.