Australia SME Cyber Preparedness Report 2018

Too Small To Fail?

Australia SME Cyber Preparedness Report 2018

The risk of cyber incidents for Australian companies is on the rise, but how prepared are Small and Medium Enterprises (SMEs) to navigate and manage these risks?

Chubb and YouGov conducted a survey of 400 senior SME business and IT leaders in August and September 2018. In our report ‘Too Small to Fail?’, we look at the types of cyber incidents SMEs in Australia are facing, what their attitudes are towards these risks, and how they are managing the fallout from these incidents. 

Key Findings

60% of SMEs have experienced a cyber incident in the past 12 months.

SMEs seem confident in managing a cyber incident, 87% believe they can overcome a cyber incident and 56% believe that they can contain an incident within 12 hours, but responses seem to contradict that belief;

  • 30% do not know which data files are affected after a breach
  • 45% are not confident that their employees who have access to sensitive data are fully aware of their data privacy responsibilities.

Worryingly, 28% of SMEs took no action following a cyber incident

The top three cyber incidents caused by internal factors were data loss or business interruption from system malfunction, technical fault and human error.
SMEs largely feel that the Head of IT and/or the CEO should be responsible for cybersecurity.


The report also contains some great tips on how SMEs can protect themselves from cyber risk and case studies from real Chubb cyber claims.

Download Report

Fill in the form below to download "Too Small to Fail? Australia SME Cyber Preparedness Report 2018".


Personal Data Protection

The primary purpose for our collection and use of your personal information is to enable us to provide insurance services to you. In dealing with us, you agree to us using and disclosing your personal information as set out in our Privacy Statement and our Privacy Policy. This consent remains valid unless you alter or revoke it by giving written notice to our Privacy Officer. However, should you choose to withdraw your consent it is important for you to understand that this may mean we may not be able to provide you or your organisation with insurance. Please also consider that we say in our Privacy Statement:

Please note that no personal information is disclosed by us to any overseas entity for marketing purposes. In all instances where personal information may be disclosed overseas, in addition to any local data privacy laws, we have measures in place to ensure that those parties hold and use that information in accordance with the consent you have provided and in accordance with our obligations to you under the Privacy Act 1988 (Cth).

Please select captcha