Notifiable Data Breach Scheme looms

The ramifications of cyber hacks are about to increase dramatically.

From Thursday 22 February, Australia’s notifiable data breaches (NDB) scheme comes into force.

The scheme requires notification of unauthorised access to, disclosure of, or loss of information likely to result in serious harm.

The NDB scheme means you cannot keep silent on data breaches and hope for the best. From 22 February 2018, breaches must be reported to both the Office of the Australian Information Commissioner and people affected.

A wide range of entities are at risk and the statistics are horrifying. For example:

  • 63% of confirmed data breaches involved leveraging weak, stolen or default passwords and usernames
  • 22% of small businesses breached by ransomware attacks in 2017 were so badly affected they could not continue operating

  • 41% of people surveyed globally could not identify a phishing email; 30% of phishing emails were opened and 12% clicked on infected links or attachments.



The number of Australian businesses using commercial cloud computing services had risen from 19% to almost one third in just one year and just because your clients’ data is in the cloud, doesn’t mean it is protected.

Lax security is frequently to blame for breaches. We suggest you review your current arrangements with cloud and other third-party service providers and, where possible, encrypt sensitive information before disclosing it to third parties.

Claims experience at cyber specialist Emergence Insurance shows that:

  • Multiple backups are a must
  • Whether or not the NDB scheme is triggered in a ransomware attack, business impact and reputational damage can be substantial
  • Encryption can effectively protect data.



You are only as safe as your weakest link.

A cyber insurance policy is part of every successful business’s risk management framework. Cyber insurance is not the first line of defence; it is designed to protect a business when its IT security, policies and procedures fail to stop an attack.

Please call us on 1300 446 787 to discuss your needs.