Huntsman Security’s new analysis of UK and Australian data breach statistics reveals that a small portion of incidents cause the vast majority of personal data exposure. The study urges a shift in focus from breach counts to the number of individuals affected, arguing that basic, well-executed cybersecurity controls could prevent most harm. It also spotlights slow breach detection and reporting, especially in Australia, as a major compounding factor.
Key takeaways include:
- Basic controls like MFA, patching, and regular backups could significantly reduce breach impact.
- 30% of incidents account for 90% of exposed data across the UK and Australia.
- In the UK, 29% of breaches with known causes accounted for 13.9M out of 17.6M compromised records in 2024.
- In Australia, 32% of incidents led to 77% of data loss, with 98% of exposed records tied to malicious attacks.
- Australian orgs took an average of 48 days to detect breaches and 86 days to report them, increasing individual risk and regulatory exposure.
What’s the lesson here?
Stopping every breach isn’t realistic, but focusing on the most common and preventable threats can make a big difference. Phishing, malware, ransomware, and unauthorized access cause most of the damage, and protections like multi-factor authentication, regular patching, and secure backups are essential for protecting individuals and limiting the impact.
What other topics are trending?
- Qantas hack results in theft of 6 million passengers’ personal data: The Australian airline giant experienced a data breach that compromised the personal information of at least six million passengers, including names, email addresses, phone numbers, dates of birth, and frequent flyer numbers.
- Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones: A security flaw in the Android spyware app Catwatchful exposed sensitive data from over 62,000 users and 26,000 victims, including emails, passwords, photos, messages, and real-time locations.
- Crash data breach exposes 300,000 records: Attackers compromised the Texas Department of Transportation (TxDOT) Crash Records Information System (CITS) to exfiltrate sensitive data including names, addresses, license, and insurance details. TxDOT discovered the breach on May 12 and disclosed it publicly in June.
The Soapbox: Online conversations you don’t want to miss
Featuring insights from our Co-Founder & CTO, James Ciesielski.
The bots in your browser are working hard…and giving attackers everything they need to get in
Industry take: At Aety, we often see that AI agents transform the security landscape; their lack of intuition and high privileges create blind spots. This requires DevOps teams to prioritize built-in security measures and robust data backup. We must ensure that automation does not compromise security, but rather enhances it. – Kristian Thomsen, Chief Commercial Officer, Aety
Join the conversation on Reddit.
What painful manual tasks do you wish were automated?
My take? There are plenty of tasks that can be automated, from repetitive compliance checks to incident reporting workflows and tedious log reviews. But while automation can ease the burden, as cybersecurity leaders we still have a responsibility to protect our data and our customers’ data. That means any automation must be implemented with security and privacy at the forefront. Efficiency matters, but trust matters more.
Join the conversation on Reddit.
Industry news & events
Catch it on demand! Cloud compliance webinar
How confident are you in your cloud compliance strategy? Don’t miss Cloud compliance unlocked: Rethinking GRC for data resiliency, an on-demand webinar that gathers experts from Amazon Web Services, Adaptavist, and Rewind to explore what modern laws, regulations, and standards like SOC 2, ISO 27001, and HIPAA are really asking for, and how to meet those expectations without slowing down your delivery teams.