NDB statistics frame the sector risk
The Needlework Tours incident sits within a broader pattern of elevated cyber activity that Australian insurers are already pricing and managing. The Office of the Australian Information Commissioner (OAIC) received 532 notifiable data breach reports in the first half of 2025 (H1 2025) – a 10% decrease from the record set in the prior six-month period, but still, in the OAIC’s words, “at a high level.” Malicious or criminal attacks accounted for 59% of those notifications, with cyber security incidents the most common mechanism. The average number of individuals affected per cyber incident in that period was just over 10,000 – a figure the Needlework Tours incident, at more than 16,000 affected customers, exceeds. Human error contributed to 37% of all breach notifications in the first half of 2025, up from 29% in the prior period, a rise the OAIC flagged as evidence that personnel vulnerabilities remain significant regardless of the strength of an organisation’s technical defences. IBM research cited by the OAIC placed the average cost of a data breach to a business at $4.26 million in 2024 – a figure that gives context to the financial exposure sitting behind small operator incidents that might otherwise attract limited attention.
Click Here For The Original Source.
