facebook social sharing Australia SME Cyber Preparedness Report 2019

Australia SME Cyber Preparedness Report 2019

Ignorance is Risk

Australia SME Cyber Preparedness Report 2019

The second annual Chubb SME Cyber Preparedness Report - ‘Ignorance is Risk’, revealed that nearly half (47%) of Small and Medium Enterprises (SMEs) in Australia are unaware of their cyber reporting obligations under the Notifiable Data Breaches (NDB) scheme introduced in February 2018.

One in two (49%) SMEs said they had been the victim of a cyber incident. Rather than continuing to be vigilant, the findings suggest that SMEs have become overly confident when it comes to their cyber risk preparedness, with one in three (32%) senior leaders assuming their businesses will never experience a cyber incident.

Key Findings

SMEs were generally unclear about the type of data breaches that required notification under the NDB scheme - just 43% knew that “an employee browsing sensitive customer records without any legitimate purpose” is a notifiable breach.

The most common incidents in the past 12 months were:

  • phishing compromises (21%),
  • data loss (15%)
  • business interruption as a result of system malfunctions or technical faults (13%)

Close to half (49%) of SMEs do not have a data breach response plan, while 79% are confident they can overcome a breach by sophisticated hackers within 24 hours.

Only 27% of SMEs have cyber risk insurance.

Download Report

Interested to know more? Fill in the form below to download the full report.


Personal Data Protection

The primary purpose for our collection and use of your personal information is to enable us to provide insurance services to you. In dealing with us, you agree to us using and disclosing your personal information as set out in our Privacy Statement and our Privacy Policy. This consent remains valid unless you alter or revoke it by giving written notice to our Privacy Officer. However, should you choose to withdraw your consent it is important for you to understand that this may mean we may not be able to provide you or your organisation with insurance. Please also consider that we say in our Privacy Statement:

Please note that no personal information is disclosed by us to any overseas entity for marketing purposes. In all instances where personal information may be disclosed overseas, in addition to any local data privacy laws, we have measures in place to ensure that those parties hold and use that information in accordance with the consent you have provided and in accordance with our obligations to you under the Privacy Act 1988 (Cth).

Please select captcha