Risk In Context

Notifiable Data Breaches 12-month Insights Report

Posted by Kristine Salgado 01 July 2019

The Office of the Australian Information Commissioner has recently released its ‘Notifiable Data Breaches 12-month Insights Report’ that looks into the first year since the Notifiable Data Breaches (NDB) scheme was introduced in Australia in February 2018.

“Overall, it was anticipated that the NDB scheme would raise confidence amongst consumers about the entities that they are dealing with, and the increased transparency would provide consumers with more information to make informed choices about whether to transact with particular entities”.

This statement, by the Australian Information Commissioner and Privacy Commissioner Angelene Falk, is perhaps one of the most significant elements of the report, as it reinforces the crucial reason Australia’s privacy legislation underwent its major overhaul: consumer protection. In a modern world where data is highly accessible to businesses and consumers are increasingly being asked to provide more sensitive information, regulators are tasking the corporate world with the responsibility of maintaining the safety of consumer data.

The report provides valuable insights into the number of reported incidents, the types of breaches occurring and the sectors in which they occur. Information is provided on the major data breaches which occurred in Australia, and what companies can learn from these. Importantly, the report also compares the Australian regime against other data breach notification laws around the world. Globally, the regulatory landscape continues to transform at a rapid pace; privacy laws will continue to evolve to prioritise rights for consumers and provide individuals with greater control over how their data is collected, used and retained.

Cyber risks continue to grow and evolve, not only creating balance sheet issues, but impacting branding and operations as well. The costs involved in investigating and responding to a breach, including notifying affected individuals, paying for legal counsel and employing a crisis management team, can be substantial. Additional costs may also arise from third-party claims, including allegations of breach of privacy and regulatory actions.

Marsh’s Cyber team has developed a range of risk assessment and quantification tools to help clients identify, manage and transfer the risk associated with various cyber events, including the risk exposures arising from the Notifiable Data Breaches scheme. Please contact a member of the Marsh Cyber team or your servicing broker for further information.

The Notifiable Data Breaches 12-month Insights Report can be found here.

Marsh Pty Ltd (ABN 86 004 651 512, AFSL 238983) arrange insurance and are not an insurer. Any statements concerning legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as legal advice, for which you should consult your own professional advisors. This document is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy.  Marsh shall have no obligation to update this publication and shall have no liability to you or any other party arising out of this publication or any matter contained herein.


Kristine Salgado

Kristine commenced her insurance career in 2009 under a graduate program with a global broking organisation, gaining experience across corporate, commercial and financial lines divisions. Kristine specialises in Directors and Officers, Professional Indemnity, Crime and Cyber insurance policies with strong experience in all facets of broking including placement, claims management and technical wording reviews. Kristine has partnered with leading insurers to establish Cyber insurance facilities for various business segments, enabling clients to access competitive rates and comprehensive coverage. Kristine regularly composes cyber risk thought leadership material, including client alerts following major legislative changes or developments in the area of data and privacy protection, and bespoke papers for risk management committees. Kristine has strong experience in the placement of large, complex Cyber insurance programs for multinational companies and works closely with insurers both in Australia and London to drive positive results for clients. Kristine was the winner of the inaugural Wotton + Kearney APIG scholarship in 2015, and named as an Insurance Business Young Gun in 2017.
