Ignorance is risk Australian SME Cyber Preparedness report 2019

In February 2018, the Office of the Australian Information Commissioner (OAIC) introduced regulations making it mandatory for any organisation or agency covered by the Privacy Act of 1988 to report a data breach that is ‘likely to result in serious harm to an individual whose personal information is involved’.

SMES MISS THE MEMO

While larger companies seem to understand their obligations, SMEs may have missed the memo.

Less than one third (31 per cent) of Australian SMEs are aware of their obligations under the Notifiable Data Breaches (NDB) scheme and just under half (47 per cent) say they are not aware. 

One in five (21 per cent) of those surveyed say they did not fall under the scheme.

This is cause for concern. The NDB scheme received 967 breach notifications between 1 July 2018 through to 30 June 2019 and it is highly likely there were many more breaches that have gone — and continue to go — unreported.

Understanding precisely what type of data breaches require notification remains patchy, even among those who said they were aware of their obligations.

RAISING AWARENESS

This is the second edition of Chubb’s SME Cyber Preparedness Report for Australia and has been prepared following positive feedback to the company’s inaugural 2018 report.

In the coming years, cyber risk is forecast to substantially cost businesses globally in lost revenue.

As one of the world’s largest and longest-serving cyber insurers, Chubb believes this report is important for raising awareness about the issues that small and medium-sized enterprises (SMEs) face in managing cyber risk. 

 Read the Whitepaper