Australia SME Cyber Preparedness Report 2019

Ignorance is Risk

Australia SME Cyber Preparedness Report 2019

The second annual Chubb SME Cyber Preparedness Report - ‘Ignorance is Risk’, revealed that nearly half (47%) of Small and Medium Enterprises (SMEs) in Australia are unaware of their cyber reporting obligations under the Notifiable Data Breaches (NDB) scheme introduced in February 2018.

One in two (49%) SMEs said they had been the victim of a cyber incident. Rather than continuing to be vigilant, the findings suggest that SMEs have become overly confident when it comes to their cyber risk preparedness, with one in three (32%) senior leaders assuming their businesses will never experience a cyber incident.

Key Findings

SMEs were generally unclear about the type of data breaches that required notification under the NDB scheme - just 43% knew that “an employee browsing sensitive customer records without any legitimate purpose” is a notifiable breach.

The most common incidents in the past 12 months were:

  • phishing compromises (21%),
  • data loss (15%)
  • business interruption as a result of system malfunctions or technical faults (13%)

Close to half (49%) of SMEs do not have a data breach response plan, while 79% are confident they can overcome a breach by sophisticated hackers within 24 hours.




Only 27% of SMEs have cyber risk insurance.
Are you interested in Chubb Cyber ERM?