Cybersecurity Alert: Lessons from the Qantas Data Breach

On June 30, 2025, Qantas Airways experienced a significant cyberattack that compromised customers' personal data. It is believed that the hacker targeted a call centre and gained access to a third-party customer service platform containing six million names, email addresses, phone numbers, birth dates and frequent flyer numbers. At this time, however, Qantas’s advice is that it did not contain credit card details, financial information or passport details.

Although the airline has not confirmed whether a ransom was demanded, a suspected cybercriminal has made contact with Qantas. The Australian Federal Police, along with cybersecurity experts, are currently investigating the incident.

Key Takeaways for Corporate Clients

  • Third-Party Vendor Risks: The breach underscores the vulnerabilities associated with third-party vendors. It’s crucial to assess and monitor the cybersecurity measures of all external partners.
  • Data Sensitivity Awareness: Even without financial data being compromised, the exposure of personal information can lead to phishing and social engineering attacks. Organisations should educate employees about these risks.
  • Incident Response Preparedness: Having a robust incident response plan can mitigate the impact of breaches. Regularly updating and testing this plan ensures readiness.
  • Regulatory Compliance: Data breaches can lead to regulatory scrutiny. Ensuring compliance with data protection laws and having clear communication strategies is essential.

Recommendations for Enhancing Cybersecurity

  • Conduct Regular Security Audits: Evaluate both internal systems and third-party vendors for potential vulnerabilities.
  • Implement Multi-Factor Authentication (MFA): Enhance access controls to sensitive data.
  • Employee Training: Regularly train staff to recognise and respond to phishing attempts and other cyber threats.
  • Review and Update Policies: Ensure data protection and incident response policies are current and effective.
  • Engage Cyber Insurance: Consider cyber insurance to provide financial protection against potential breaches.

The Qantas cyberattack serves as a stark reminder of the evolving cyber threats facing organisations today. By proactively assessing risks, enhancing security measures, and fostering a culture of cybersecurity awareness, businesses can better protect themselves and their stakeholders.

For further guidance on strengthening your organisation’s cybersecurity posture or exploring cyber insurance options, please contact our team. 

SafeWork NSW releases its Annual Regulatory Statement

SafeWork New South Wales has officially released its Annual Regulatory Statement, which outlines its key areas for attention across the 2025-2026 financial year.

The annual statement is a micro-element of the broader 5-year NSW strategic plan and the 10-year national safety strategy, whose purpose is to ensure key focus areas align with the “changing contexts” and “emerging evidence” of the NSW workplace environment.

From 1 July 2025, the 2025–26 financial year will bring significant changes to the enforcement of workplace safety laws across NSW. SafeWork NSW will become the state’s primary work health and safety regulator, introducing expanded measures such as an increase in field inspectors—particularly with a focus on psychosocial risks—and a commitment to building capacity and capability to improve psychological health and safety outcomes in workplaces. The five regulatory priorities for the 2025-26 period include:

  • Falls from heights: “…one of the most common causes of workplace fatalities” and of the 274 workplace fatalities across 2019-2023, falls from height accounted for 36 of these fatalities.
  • Harms to workers in the health care and social assistance sector: accounts for “one in five claims across all industries in NSW” with further focus on musculoskeletal injuries and psychological injuries noting their high and growing prevalence within the sector.
  • Managing psychosocial risks at work including sexual harassment: largely appears to be focused on education action to increase awareness and understanding among employers and implement actions such as control measures and work design to meet legislative standards.
  • Exposure to hazardous substances including asbestos, crystalline silica and welding fumes: With an average of 4,000 asbestos-related disease fatalities each year, and welding fumes now classed as a Group 1 carcinogen, there will be increased focus on compliance to stem the growing morbidity and mortality rates.
  • Injury from mobile plant, vehicles, or fixed machinery: along with falling from heights and being hit by moving objects, vehicle accidents account for the highest frequency of fatality across Australia.

Saunders Safety & Training would urge NSW businesses to read through the annual statement and consider how these focus areas could impact the operations of their business. The regulator makes it clear they will want to “work closely with these businesses to drive meaningful change and ensure lasting compliance through our High-Risk Workplaces and Repeat Offenders program. From 1 January 2026, names of work health and safety duty holders in this program will be published on our website under new legislative reporting requirements. Exiting the program will rely on the duty holder achieving outcomes aligned with timed milestones.” This speaks to not only the financial risks, but the cultural, reputational, and legal risks that come with not meeting compliance standards.

For more information, please reach out to the team at SS&T or your dedicated Warren Saunders Insurance Brokers Account Manager.

A Competitive Surge in the Insurance Market and a New Club Liability Premium Offering

Over the past month, the insurance market has seen a significant uptick in competitive activity, with Insurers actively adjusting their offerings to capture market share. Many of our club clients have benefitted financially from this market softening.

New Club Liability Premium Offering Enters the Market

Amid this competitive landscape, a noteworthy development has been the introduction of a new club liability premium offering. This development reflects a wider trend within the insurance industry, where Insurers are increasingly focusing on niche markets and tailored solutions to differentiate themselves. Now may be a valuable time to reassess existing policies and explore these new offerings.


What This Means for Members

With insurers competing more aggressively for business, LCA members could benefit from more favourable pricing. However, it’s equally important to ensure that lower premiums don’t come at the cost of inadequate coverage. As a proud sponsor of LCA we are more than happy to assist members with any questions.

Risk Management Advice

Peter Furst, Head of Incident Response at Emergence, one of the premier Cyber insurers in Australia, advises that, based on his experience in responding to hundreds of Cyber incidents at Emergence over the past 5 years, there are key actions every organisation should take to reduce cyber risk and strengthen their security posture:

Easy low-cost security measures that significantly reduce risk:

  • Enforce MFA and Conditional Access (e.g. geoblocking) to prevent unauthorised access.
  • Patch systems promptly to close known vulnerabilities.
  • Maintain and regularly test offline backups to ensure recovery readiness.
  • Apply the principle of least privilege—grant access only as needed.
  • Enable and retain broad logging (e.g. system logs, firewall logs, Microsoft 365 audit logs) for visibility and incident investigation.

High-impact security investments: 

  • Train staff to recognise phishing and fraud attempts.
  • Deploy Endpoint Detection and Response (EDR) tools like CrowdStrike or SentinelOne.
  • Implement a SIEM to centralise and analyse logs.
  • Ensure 24/7 monitoring through a Security Operations Centre (SOC).
  • Conduct regular penetration testing to identify vulnerabilities.
  • Run incident response exercises to test and improve readiness.

Taking these measures not only makes your business more resilient but can also be a trigger for obtaining a more economical Cyber insurance premium. Businesses should ensure that all risk mitigation measures taken are communicated to their insurance brokers.

Mental Health Reforms

The NSW Government has announced its intention to introduce reforms that will change how psychological injury claims are defined and managed in the NSW Workers Compensation Scheme. If enacted, these changes will have a direct impact on employers and their workers in NSW.

  • Psychological injuries now account for 12% of claims but 38% of total costs.
  • The number of psychological injuries has doubled in 6 years.   
  • By comparison, all other injuries have grown by just 16% during that same period.
  • 88% of workers who suffer from physical injuries on average have returned to work within 13 weeks.
  • 40% of workers with psychological injuries are still languishing in the system after one year off work; still separated from their workplace, more likely to be socially isolated.
  • An employer facing no claims against them, operating a psychologically safe workplace, can expect their premiums to rise by 36% over three years to 2027-28 if nothing changes, having already faced an 8% increase in premiums for three years running.
  • Further, the icare FY24 Annual Report states 70% of the psychological claims reported within the Nominal Insurer are caused by harassment and work pressure.

On Thursday, 5 June 2025, the Legislative Council (upper house) debated, and ultimately agreed to, a motion to refer the Workers Compensation Legislation Amendment Bill 2025 to the Public Accountability and Works Committee for inquiry and report.  Further, the motion provides that the committee will determine its own reporting date. 

What does this mean for employers? Even organisations with clean claims histories and safe practices are likely to feel the impact of rising premiums and more stringent mental health requirements. Employers should begin reviewing their workplace culture, psychological safety policies, and injury prevention strategies now to prepare for what’s ahead.