The second annual Chubb SME Cyber Preparedness Report - ‘Ignorance is Risk’, revealed that nearly half (47%) of Small and Medium Enterprises (SMEs) in Australia are unaware of their cyber reporting obligations under the Notifiable Data Breaches (NDB) scheme introduced in February 2018.
One in two (49%) SMEs said they had been the victim of a cyber incident. Rather than continuing to be vigilant, the findings suggest that SMEs have become overly confident when it comes to their cyber risk preparedness, with one in three (32%) senior leaders assuming their businesses will never experience a cyber incident.
|SMEs were generally unclear about the type of data breaches that required notification under the NDB scheme - just 43% knew that “an employee browsing sensitive customer records without any legitimate purpose” is a notifiable breach.|
The most common incidents in the past 12 months were:
Close to half (49%) of SMEs do not have a data breach response plan, while 79% are confident they can overcome a breach by sophisticated hackers within 24 hours.
|Only 27% of SMEs have cyber risk insurance.|