Almost half of Australian SMEs don't understand their regulatory obligations under data breach rules and many more are ignorant of cyber threats, research by Chubb has found.

The insurer’s SME cyber preparedness report reveals that 47% of respondents are unaware of obligations under the Notifiable Data Breaches scheme introduced in February last year.

Data breaches which are likely to result in serious harm must be reported by companies with at least $3 million in annual turnover.

Affected individuals must be notified, along with the Office of the Australian Information Commissioner, which oversees the scheme. Failure to comply can result in significant financial penalties.

The Chubb report also finds 32% of senior leaders expect their business to be immune from cyber attack, 49% of SMEs have no data breach response plan in place, and only 27% have cyber insurance.

See Analysis.