Sync Underwriting is advising insurance brokers to reassess cyber insurance policies for clients in light of the Office of the Australian Information Commissioner’s (OAIC) new Notifiable Data Breaches (NDB) Statistics Dashboard. The dashboard, launched on Nov. 4, provides an interactive platform for analysing data breach trends across Australian sectors.
Australian Privacy Commissioner Carly Kind said the new dashboard is designed to help organisations learn from the experiences of others and improve their breach response and notification processes. “Our goal for the new NDB dashboard is to help reporting entities learn from the experiences of others – those organisations and agencies who have had to notify us of a data breach. We hope the tool is used to improve their own responses and reporting if a data breach occurs,” Kind said.
The OAIC will update the dashboard every six months and continues to provide resources on securing personal information and responding to breaches. The agency encourages organisations to address third-party risks early in procurement and to maintain oversight of their providers.
Sync Underwriting points to the OAIC’s latest data, which shows that the healthcare sector accounted for 18% of all reported data breaches in the first half of 2025 (H1 2025) – with the financial services sector following at 14%. These figures indicate that organisations in these industries remain frequent targets for cyber incidents, reinforcing the importance of robust cyber insurance coverage.
The OAIC’s statistics further reveal that malicious or criminal attacks were responsible for 59% of breaches, while human error contributed to 37% – an increase from the previous period. The average number of individuals impacted by cyber incidents now exceeds 10,000 per breach, underscoring the potential scale of exposure for affected entities.
A recent case study published by the OAIC involved a government agency whose third-party software provider inadvertently made confidential documents publicly accessible online. The OAIC commented: “This case serves as a reminder that organisations are responsible for the actions of third-party providers when outsourcing their personal information handling. Organisations that implement strong supplier risk management frameworks, together with more robust security measures, can substantially minimise the impact of a data breach in the supply chain.”
Sync Underwriting recommends that brokers ensure cyber insurance policies include contingent business interruption coverage, with specific attention to incidents involving third-party IT service providers. As outsourcing becomes more prevalent, brokers are encouraged to verify that clients’ policies address the risks associated with external vendors.
The OAIC’s guidance also highlights the need for organisations to implement strong supplier risk management, including contractual clauses on data retention and destruction, clear responsibilities in the event of a breach, and regular security reviews of vendors.
The OAIC dashboard shows that in 27% of reported cases, organisations took more than 30 days to identify a breach. Sync Underwriting notes that this delay can affect insurance coverage, particularly with respect to retroactive dates. Brokers are encouraged to review policy terms to ensure that breaches occurring before policy inception but discovered later are not excluded from coverage.
