News Releases

Half of Australian SMEs Are Still Unaware of their Cyber Reporting Obligations
- Almost half (49%) of SMEs do not have a data breach response plan
- Only 43% of SMEs are investing in cyber risk training for their employees
- Just over a quarter (27%) of Australian SMEs have cyber risk insurance
Oct 9, 2019

The second annual Chubb Australia SME Cyber Preparedness Report 2019 – ‘Ignorance is Risk’ – released today, reveals 47% of Small and Medium Enterprises (SMEs ) in Australia are not aware of their obligations under the Notifiable Data Breaches (NDB) scheme.  

This follows the introduction of the NDB scheme by the Office of the Australian Information Commissioner (OAIC) in February 2018, which requires businesses covered under the Privacy Act to report data breaches involving personal information.

“While larger companies seem to understand their obligations, SMEs are less clear,” said Andrew Taylor, Cyber Underwriting Manager, Chubb Asia Pacific.  The report found that many SMEs do not understand precisely what type of data breaches require notification.

“This is a huge cause for concern. A cyber incident can be catastrophic for a smaller organisation, and this lack of understanding around reporting obligations raises the stakes further. While the NDB scheme is receiving more notifications, it is highly likely that many more breaches have gone – and continue to go – unreported.”

The NDB scheme received 967 breach notifications between 1 July 2018 through to 30 June 2019.

Misplaced Cyber-Confidence

In 2019, one in two (49%) SMEs said they had been the victim of a cyber incident, down on the previous year where 64% had fallen victim. Rather than continuing to be vigilant, the findings suggest that SMEs have become overly confident when it comes to their cyber risk preparedness, with one in three (32%) senior leaders assuming their businesses will never experience a cyber incident. SMEs also are less worried about the impact on their business, with significant drops across four key areas of concern:

  2019 2018
Relationship with customers 36% 51%
Revenue and sales 40% 50%
Public reputation 33% 47%
Cost of the incident 38% 51%

Increased Awareness but Still Unprepared

Fewer leaders (31%) feel that their employees do not recognise how serious the threat of cyber risk is to their business, down from 45% in 2018. 

However, several other findings reveal that there is still a long way to go:

  • Close to half (49%) of SMEs do not have a data breach response plan.
  • 79% are confident they can overcome a breach by sophisticated hackers within 24-hours.
  • Only 43% of SMEs in Australia are investing in cyber risk training for their employees.
  • Just over one quarter (27%) of SMEs have cyber risk insurance.

“We believe Australian SMEs must review their preparations closely and ensure they are adequately equipped to manage cyber risk.” said John DePeters, Cyber and Technology Industry Practice Manager, Australia and New Zealand.

“In the coming years, the global economic cost of cyber risk is forecast to increase substantially. With SMEs making up 96% of all businesses in Australia, they will be hardest hit. We hope our research can raise awareness around cyber preparedness and emphasise to SMEs that, when it comes to cyber incidents, ignorance is risk not bliss.”  

Visit Chubb’s website for more details:

About the Chubb SME Cyber Preparedness Report 2019

This year’s report, ‘Ignorance is Risk’, has been produced by Chubb. It is based on a survey of 1,400 respondents from Small and Medium Enterprises (SMEs) in four locations; 400 each from Australia and Malaysia, and 300 each from Singapore and Hong Kong. Respondents comprised board-level executives (82%) and senior managers or directors below board level (18%) from SMEs between 2 to 249 employees. The industries respondents belonged to are: Manufacturing (20%), Professional Services (19%), Retail & Hospitality (13%), Technology (8%), Education (7%), Financial Services (5%), Healthcare (4%), Media & Communications (4%); and other industries (20%).

About Chubb in Australia

Chubb is the world's largest publicly traded property and casualty insurance company. With operations in 54 countries and territories, Chubb provides commercial and personal property and casualty insurance, personal accident and supplemental health insurance, reinsurance and life insurance to a diverse group of clients. As an underwriting company, we assess, assume and manage risk with insight and discipline. We service and pay our claims fairly and promptly. The company is also defined by its extensive product and service offerings, broad distribution capabilities, exceptional financial strength and local operations globally. Parent company Chubb Limited is listed on the New York Stock Exchange (NYSE: CB) and is a component of the S&P 500 index. Chubb maintains executive offices in Zurich, New York, London, Paris and other locations, and employs more than 30,000 people worldwide. 

Chubb, via acquisitions by its predecessor companies, has been present in Australia for 100 years. Its operation in Australia (Chubb Insurance Australia Limited) provides specialised and customised coverages including Business Package, Marine, Property, Liability, Energy, Professional Indemnity, Directors & Officers, Financial Lines, Utilities as well as Accident & Health, to a broad client base, including many of the country’s largest companies. Chubb also serves successful individuals with substantial assets to protect and individuals purchasing travel and personal accident insurance.

More information can be found at

Media contacts

Robin Moore
Chubb Insurance Australia Limited 
O +61 2 9335 3343    M +61 434 180 553 

Judith Bence
MHP Communications
M +61 415 903 849