Public exposure and responses to data breaches in Australia: October 2022
This paper reports Australians' views about data trust, cybercrime and data breaches and how these have changed. It is based on data from four waves of the ANUpoll collected over the period October 2019 to October 2022, with the two most recent waves being collected between the 8th and 22nd of August, and the 10th and the 24th of October. This allows the estimation of the short-run impacts of a major and high-profile data breach of data held by a major Australia telecommunication company in September 2022 on Australians trust in various institutions to maintain data privacy and how various groups should be able to use data.
Almost one-third of Australians report that they had been exposed to a data breach in the previous 12-months. Trust in key institutions and types of organisations with regards to data privacy declined quite substantially between August and October 2022, though on average across eight types of institutions/organisations trust still remained higher than pre-COVID-19. The largest decline across the eight types of institutions/ organisations asked about in the survey was for telecommunications companies, which is not surprising given the September 2022 data breach was of data held by Optus Telecommunications. There was also a decline in trust in companies that people use to make purchases online, universities and other academic institutions, as well as the Australian Bureau of Statistics.
The researchers do not find much evidence that specific concerns about cybercrimes increased in the twelve months to October 2022. However, there is some evidence that those who have experienced a data breach themselves have become more likely to be ‘very concerned’ about identity theft. However, between October 2021 and 2021 there was a large increase in the per cent of Australians who thought that governments should intervene with regards to companies’ use of data and a decline in the per cent of Australians who thought that companies are better equipped to protect their data or that it was up to consumers themselves.