Author: Teamwsib

Cybersecurity Alert: Lessons from the Qantas Data Breach

On June 30, 2025, Qantas Airways experienced a significant cyberattack that compromised their personal data. It is believed that the hacker targeted a call centre and gained access to a third-party customer service platform containing six million names, email addresses, phone numbers, birth dates and frequent flyer numbers however at this time, Quanta’s advice is that it did not contain credit card details, financial information or passport details.

Although the airline has not confirmed whether a ransom was demanded, a suspected cybercriminal has made contact with Qantas. The Australian Federal Police, along with cybersecurity experts, are currently investigating the incident.

Key Takeaways for Corporate Clients

  • Third-Party Vendor Risks: The breach underscores the vulnerabilities associated with third-party vendors. It’s crucial to assess and monitor the cybersecurity measures of all external partners.
  • Data Sensitivity Awareness: Even without financial data being compromised, the exposure of personal information can lead to phishing and social engineering attacks. Organisations should educate employees about these risks.
  • Incident Response Preparedness: Having a robust incident response plan can mitigate the impact of breaches. Regularly updating and testing this plan ensures readiness.
  • Regulatory Compliance: Data breaches can lead to regulatory scrutiny. Ensuring compliance with data protection laws and having clear communication strategies is essential.

Recommendations for Enhancing Cybersecurity

  • Conduct Regular Security Audits: Evaluate both internal systems and third-party vendors for potential vulnerabilities.
  • Implement Multi-Factor Authentication (MFA): Enhance access controls to sensitive data.
  • Employee Training: Regularly train staff to recognise and respond to phishing attempts and other cyber threats.
  • Review and Update Policies: Ensure data protection and incident response policies are current and effective.
  • Engage Cyber Insurance: Consider cyber insurance to provide financial protection against potential breaches.

The Qantas cyberattack serves as a stark reminder of the evolving cyber threats facing organisations today. By proactively assessing risks, enhancing security measures, and fostering a culture of cybersecurity awareness, businesses can better protect themselves and their stakeholders.

For further guidance on strengthening your organisation’s cybersecurity posture or exploring cyber insurance options, please contact our team. 

SafeWork NSW releases its Annual Regulatory Statement

SafeWork New South Wales has officially released its Annual Regulatory Statement which outlines their key areas for attention across the 2025-2026 financial year.

The annual statement is a micro-element of the broader 5-year NSW strategic plan and the 10-year national safety strategy, whose purpose is to ensure key focus areas align with the “changing contexts” and emerging evidence” of the NSW workplace environment.

From 1 July 2025, the 2025–26 financial year will bring significant changes to the enforcement of workplace safety laws across NSW. SafeWork NSW will become the state’s primary work health and safety regulator, introducing expanded measures such as an increase in field inspectors—particularly with a focus on psychosocial risks—and a commitment to building capacity and capability to improve psychological health and safety outcomes in workplaces. The five 5 regulatory priorities for the 2025-26 period includes:

  • Falls from heights: “…one of the most common causes of workplace fatalities” and of the 274 workplace fatalities across 2019-2023, falls from height accounted for 36 of these fatalities.
  • Harms to workers in the health care and social assistance sector: accounts for “one in five claims across all industries in NSW” with further focus on musculoskeletal injuries and psychological injuries noting their high and growing prevalence within the sector.
  • Managing psychosocial risks at work including sexual harassment: largely appears to be focused on education action to increase awareness and understanding among employers and implement actions such as control measures and work design to meet legislative standards.
  • Exposure to hazardous substances including asbestos, crystalline silica and welding fumes: With an average of 4,000 asbestos-related disease fatalities each year, and welding fumes now classed as a Group 1 carcinogen, there will be increased focus on compliance to stem the growing morbidity and mortality rates.
  • Injury from mobile plant, vehicles, or fixed machinery: along with falling from heights and being hit by moving objects, vehicle accidents account for the highest frequency of fatality across Australia.

Saunders Safety & Training would urge NSW businesses to read through the annual statement and consider how this focus areas could impact the operations of its business. The regulator makes it clear they will want to “work closely with these businesses to drive meaningful change and ensure lasting compliance through our High-Risk Workplaces and Repeat Offenders program. From 1 January 2026, names of work health and safety duty holders in this program will be published on our website under new legislative reporting requirements. Exiting the program will rely on the duty holder achieving outcomes aligned with timed milestones.” This speaks to not only the financial risks, but the cultural, reputational, and legal risks that come with not meeting compliance standards.

For more information, please reach out to the team at SS&T or your dedicated Warren Saunders Insurance Brokers Account Manager.

A Competitive Surge in the Insurance Market and a New Club Liability Premium Offering

Over the past month, the insurance market has seen a significant uptick in competitive activity, with Insurers actively adjusting their offerings to capture market share. Many of our club clients have benefitted financially from this market softening.

New Club Liability Premium Offering Enters the Market

Amid this competitive landscape, a noteworthy development has been the introduction of a new club liability premium offering. This development reflects a wider trend within the insurance industry, where Insurers are increasingly focusing on niche markets and tailored solutions to differentiate themselves. Now may be a valuable time to reassess existing policies and explore these new offerings.


What This Means for Members

With insurers competing more aggressively for business, LCA members could benefit from more favourable pricing. However, it’s equally important to ensure that lower premiums don’t come at the cost of inadequate coverage. As a proud sponsor of LCA we are more than happy to assist members with any questions.

Risk Management Advice

Peter Furst, Head of Incident Response at Emergence one of the premier Cyber insurers in Australia, advises that based on his experience in responding to hundreds of Cyber incidents at Emergence over the past 5 years there are key actions every organisation should take to reduce cyber risk and strengthen their security posture:

Easy low-cost security measures that significantly reduce risk:

  • Enforce MFA and Conditional Access (e.g. geoblocking) to prevent unauthorised access.
  • Patch systems promptly to close known vulnerabilities.
  • Maintain and regularly test offline backups to ensure recovery readiness.
  • Apply the principle of least privilege—grant access only as needed.
  • Enable and retain broad logging (e.g. system logs, firewall logs, Microsoft 365 audit logs) for visibility and incident investigation.

High-impact security investments: 

  • Train staff to recognise phishing and fraud attempts.
  • Deploy Endpoint Detection and Response (EDR) tools like CrowdStrike or SentinelOne.
  • Implement a SIEM to centralise and analyse logs.
  • Ensure 24/7 monitoring through a Security Operations Centre (SOC).
  • Conduct regular penetration testing to identify vulnerabilities.
  • Run incident response exercises to test and improve readiness.

Taking these measures not only makes your business more resilient but can be a trigger to obtaining a more economical Cyber insurance premium. Businesses should ensure that all risk mitigation measures taken are communicated to their insurance brokers.

Mental Health Reforms

The NSW Government has announced its intention to introduce reforms that will change how psychological injury claims are defined and managed in the NSW Workers Compensation Scheme. If enacted, these changes will have a direct impact on employers and their workers in NSW.

  • Psychological injuries now account for 12% of claims but 38% of total costs.
  • The number of psychological injuries has doubled in 6 years.   
  • By comparison, all other injuries have grown by just 16% during that same period.
  • 88% of workers who suffer from physical injuries on average have returned to work within 13 weeks.
  • 40% of workers with psychological injuries are still languishing in the system after one year off work; still separated from their workplace, more likely to be socially isolated.
  • An employer facing no claims against them, operating a psychologically safe workplace, can expect their premiums to rise by 36% over three years to 2027-28 if nothing changes, having already faced an 8% increase in premiums for three years running.
  • Further, the icare FY24 Annual Report states 70% of the psychological claims reported within the Nominal Insurer are caused by harassment and work pressure.

On Thursday, 5 June 2025, the Legislative Council (upper house) debated, and ultimately agreed to, a motion to refer the Workers Compensation Legislation Amendment Bill 2025 to the Public Accountability and Works Committee for inquiry and report.  Further, the motion provides that the committee will determine its own reporting date. 

What does this mean for employers? Even organisations with clean claims histories and safe practices are likely to feel the impact of rising premiums and more stringent mental health requirements. Employers should begin reviewing their workplace culture, psychological safety policies, and injury prevention strategies now to prepare for what’s ahead.

Take Control of Psychosocial Risk

Proposed changes to the New South Wales Workers Compensation Act (1987) have been receiving much attention within the industry and across various media outlets in recent months, as the Labor Government seek to push through what they feel are necessary changes to stem the increasing costs of psychological injury in both the Private and Government workplace sectors. It has been reported that psychological injury within NSW incurs, on average, $126,000 in claims costs versus the average physical injury incurring $29,000 in claims costs. The flow on effect to the injured worker (for example, quality of life and financial strain) and businesses (absenteeism, workers compensation premium increases, legal and cultural reputation) is substantial; and has led to claims the NSW Workers Compensation scheme is presently unsustainable. Conversely, the positive effects of a healthy workplace culture have been heavily investigated with this YouTube Video created by Heads Up providing a succinct appraisal of potential benefits to business. 

Much of what is being debated in parliament and behind closed boardroom doors is outside of our control, but what is in our control is how we better understand the key motivational drivers of our employees, and foster a healthy workplace culture to positively drive productivity, satisfaction, and reduced financial strain on all. One key process a business can implement in today’s economy is a Psychosocial Audit tool which seamlessly collects clean, valid and accurate data; and provides subject matter experts and persons conducting a business or undertaking with solutions to not only meet WHS Regulatory requirements, but drive these greater financial and cultural outcomes.

SS&T is partnering with InCheq whose platform takes the guesswork out of understanding these growing risks and developing tailored solutions for businesses here in NSW, and across all states and territories in Australia. And lets be honest, when it comes to the Psychosocial Codes of Practice, there is still a lot of uncertainty as to how to understand, validate, support and act to the requisite levels of regulation and expectation across government and business. SS&T has found InCheq’s platform to be a top-tier solution to support our customers, and would recommend any business who is interested in this risk contact us today to discuss the tool in more detail, or to arrange a demo of the platform.

References:

www.parliament.nsw.gov.au/committees/inquiries/Pages/inquiry-details.aspx?pk=3101

www.nsw.gov.au/ministerial-releases/workers-compensation-exposure-draft-released

Supporting Safer Workplaces

Supporting safer workplaces

The Mutual Benefits Program has developed a range of posters on a variety of Workplace Health and Safety (WHS) topics to help improve health, safety and return to work outcomes in Australian workplaces. 

Take advantage of our new posters – free and ready to use in your organisation today. 

Online resources

Each poster contains a QR code which will provide workers and supervisors access to our online WHS resources. 

Make the posters your own

If you would like to personalise the posters, simply download one of the cobrand templates click at the top right where indicated and follow the prompts to insert your logo. EML customers also have the option to contact Mutual Benefits to organise further customisation.  

Printing your posters

Our posters are designed as A1 (594 x 841mm) size however, you can change the size in your print preferences if you would prefer a smaller poster size.

Building the library

We are working on a variety of topics and if you have an idea for a poster that would help support workplace safety please contact Mutual Benefits.

If you get injured at work posters

You can find the relevant poster for your State through the links below. We have also included WorkSafe Victoria’s EML branded Injured at Work Poster below for the convenience of our Victorian customers.


Click here for access to the posters.

Source: EML



Occupational Noise and Audiometric Testing

We inform you of the recent implementation of Clause 58 of the Workplace Health & Safety Regulation, effective 01st January 2024. This is a very notable piece of legislation, as it talks to the need for Persons Conducting a Business or Undertaking (PCBU) to provide audiometric testing to their workforce.

The legislation essentially states that workers who are supplied Personal Protective Equipment (PPE) to reduce the risk of hearing loss as a control measure to a known risk – excess noise – now also need to be supplied with access to employer funded audiometric testing to continuously monitor for industrial hearing loss. The legislation requires those workers to be tested within the first three (3) months of commencing employment, and then every two (2) years thereafter.

The legislation only affects those PCBU’s whose employees are frequently working in environments where other control measures outlined in the NSW SafeWork Code of Practice have failed to reduce noise to below an exposure standard. Workers who choose to wear PPE as a personal choice or as an incidental part of their work are not affected by this legislation.

I’ve attached a fact sheet for your consideration, which also talks to our ability to support our clients with services to determine whether the workplace is deemed “excessively noisy”, and subsequent audiometric testing services should they be required. There is also a noise thermometer which is a handy tool in applying potential noise outputs to activities of daily living.

What we know is SafeWork NSW will typically run a taskforce shortly after the implementation of a piece of legislation or a change in guideline to ensure at-risk industries are abiding by their legislative requirements, so we want to make sure we are supporting you with this implementation of law. Given the clause was enacted at the start of calendar year 2024, with at worst a two (2) year requirement to test, we are of the belief safety inspectorate activity focusing on this regulation will ramp up significantly over the coming months.

At Saunders Safety & Training, we recognise this workplace risk and have the services and expertise ready to support our clients in creating a safer workplace environment. 

Occupational hygiene services include noise monitoring, both static and personal, to identify equipment and operations causing harmful noise levels and consequently assess the competence of personal protective equipment supplied by an employer, such as hearing protection and earplugs. Should a resultant report identify hazardous exposure risk, further support through Saunders Safety & Training can be sourced, including but not limited to audiometric assessments of workers in line with the Regulations, and environmental studies to help reduce the volume of noise within the workplace.

Saunders Safety & Training can be contacted on (02) 9958 9009 or on info@saunderssafety.com.au should you need more information to support your
business needs.


References:
1.https://www.safeworkaustralia.gov.au/sites/default/files/202203/Hazardous%20Nois
e%20Infographic.pdf
2. https://legislation.nsw.gov.au/view/html/inforce/current/sl-2017-0404#ch.4-pt.4.1

Review of NSW WHS Laws

Listen to this podcast which highlights the cost(s) you could be exposed to if your business gets caught-up in a stat liability claim.

The 10th of June 2025 will mark 5 years since the NSW government introduced revised WHS legislation that prohibited insurance from indemnifying penalties imposed under that law.

The major change of note has been the diversification in enforcement targets; with the Regulator (SafeWork NSW) focusing more on individual Directors and Officers for their respective duties under the law. This looks to have come about due to a trend of companies being put into liquidation or administration once a prosecution was commenced.

It appears the inability to have insurance protection for any WHS penalty is driving a number of companies out of business, leaving individuals as the ‘last man standing’ to face enforcement from the Regulator. The Regulator is also directing focus to a broader pool of employees that have a duty under the law.

This focus on individuals goes beyond merely looking for company records that show documented safety procedures, but also looks at the individuals that were involved – or should have been involved – in the creation, implementation and monitoring of the required safety procedures.

There doesn’t appear to be any significant change in the number or value of WHS penalties being imposed in NSW since 2020 (aside from a reduction due to COVID-19 disruptions); but the increased complexity of regulatory investigations and the vigour of enforcement is driving up legal costs for businesses to respond.

Following an independent review of SafeWork NSW published in December 2023, the Regulator has declared its focus is expanding beyond traditional areas such as construction and manufacturing. It now includes a particular focus on the healthcare and social assistance sectors, as well as psychosocial risks across all industries.

SafeWork NSW has declared that it will be pursuing ‘compliance through enforcement’. This means that businesses in NSW can expect a more active Regulator in the WHS space over the coming 12 months and beyond.

The Regulator has also staffed its inspectorate with specialist investigators trained in psychosocial matters, and from 1 July 2024, NSW has a dedicated Industrial Court to hear WHS matters. This means the regulatory landscape from incident response and investigations, through to prosecutions and sentencing has been strengthened to assist the Regulator in meeting its stated goal of compliance through enforcement.

Listen to this podcast for the full discussion.

General Advice Warning

The information contained in this podcast is general in nature and does not take into account your personal situation. You should consider whether the information is  appropriate to your needs, and where appropriate, seek professional advice from an insurance broker or risk adviser.

The contents of this podcast are for reference purposes only. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your circumstances should always be sought separately before taking any action based on this content.

Any opinions expressed by the speakers are their own and are not representative of any company unless stated otherwise.

 

If you have any questions pertaining to these changes you have read, please contact your Account Broker on 02 9587 3500.

Source: SUA 2025 Review of NSW WHS Laws – SUA

How to spot five common impersonation scams

All scams involve a form of impersonation, but some disguises are more popular and effective than others. Here’s how you can spot five common types of impersonation scam and help keep your money protected.

See below on how to spot common impersonation scams.

1. Bank impersonation scams

Bank impersonation scams are common in Australia and increasingly hard to spot. Scammers can make their calls and text messages appear to come from your bank, they can even send you text messages that appear in the same chain as other legitimate messages. Scammers may also use phone numbers that are similar to a bank’s legitimate phone number – hoping you won’t detect the difference.

Search icon
Watch out for

Any request for payment, personal details or login credentials from a person or institution claiming to be from your bank.
Phone with message icon
A real-life example

Scamwatch has warned of a rise in scammers saying they’re from a legitimate bank, often claiming they’re from the fraud department. They may refer to your account being compromised, a suspicious transaction, or an online banking outage and urgently ask you to transfer your funds or share your login credentials to protect your accounts.
Tick icon
Safety tip

Your bank may legitimately contact you if they suspect suspicious activity on your account. But your bank will never ask you for login credentials such as your banking password, and they won’t ask you to make payments or transfer money.
Phone with a Macquarie Authenticator message

You’re in control

Multi-factor authentication (MFA) is popular and generally effective. However, it’s important to know that if you’re using SMS for multi-factor authentication, it’s not the safest option on the market, as SMS can be compromised.

For example, if your phone number is illegally ported, a criminal can receive your messages – including from your bank – and use them to get access to your accounts.

Macquarie customers can use Macquarie Authenticator instead of SMS to verify important transactions and account activity.

2. Government impersonation scams

To gain your trust, scammers often pretend to be from government organisations or departments. This can include Services Australia, Centrelink or the Australian Taxation Office. Increasingly, scammers are also claiming to be agents of international authorities, targeting culturally and linguistically diverse communities.

Search icon
Watch out for

An unsolicited email or text which contains a link or an urgent request for payment, your login credentials or your personal details. Scammers may also call and threaten arrest, deportation, or other legal action.
Phone with message icon
A real-life example

The NSW Government is aware of several scams circulating using Revenue NSW and Service NSW branding. These scams are seeking urgent payment for fine notices that do not exist.
Tick icon
Safety tip

Government organisations won’t ever send a link asking you to log in to online services (such as myGov) in a text message or email, or with an urgent request for payment.

3. Celebrity impersonation scams

A tactic that is growing in popularity on social media is scammers using the image and name of a well-known person to endorse their fake product, scheme or investment scam. Often, scammers create fake profiles, using legitimate images, to appear trusted. Romance scammers may also pretend to be a celebrity, typically using social media as their starting point for a conversation.

Search icon
Watch out for

Videos or images which show a public figure endorsing an investment opportunity. Deepfake technology is often used in celebrity impersonation scams, making a fraudulent video or image appear legitimate.
Phone with message icon
A real-life example

The Australian Competition and Consumer Commission (ACCC) shared that an Australian lost $80,000 in cryptocurrency after viewing a deepfake video of a public figure on social media. The victim registered their details, invested their funds, and watched their significant returns grow via an online dashboard. However, the setup was fake, and the money was stolen by scammers.
Tick icon
Safety tip

Often, a well-known public figure will issue a warning about scammers impersonating them. In addition to independently verifying any investment opportunity you find, you can search for warnings issued by the celebrity endorser.
Phone with a pop-up scam message

What to do if you’re scammed

If you’re the victim of a scam, it’s important to remember that you’re not alone. Scams are common in Australia and worldwide, and there are support services available to you, including steps from the Australian Government to help guide you.

Unfortunately, scammers often target victims again, with the promise of helping them recover some of their lost funds. Never engage with unsolicited or advertised support for scam recovery services, only work with trusted institutions such as your bank or government agencies, using contact information you have independently verified.

4. Family and friends impersonations

‘Family and friends’ impersonation scams involve a scammer pretending to be someone you know who needs your help urgently, usually in the form of payment. Sometimes scammers may even use a photo of a family member or friend, or deepfake technology to impersonate them in a voice note or video.

Search icon
Watch out for

A message via text or social media with a request to transfer money or share login details, from a number or person you don’t recognise. The text may suggest your family member or friend is in urgent need of support.
Phone with message icon
A real-life example

The ‘hi mum’ scam has cost Australians millions, according to Scamwatch. This is when a scammer will pretend to be a person’s child contacting their parent from an unknown number, claiming to have lost or damaged their phone. They’ll often request money or banking login credentials to help them recover their device.
Tick icon
Safety tip

If you’re contacted by someone claiming to be your son, daughter, relative or friend, start by calling them on the number already stored in your phone to confirm if it’s not in use. Even if you’re unable to make contact, you should still assume a scammer is trying their luck. You could try asking personal questions a scammer couldn’t know the answers to, being careful never to reveal any sensitive information in the process.

 

5. Job impersonation scams

These types of scams involve the impersonation of trusted companies to encourage you to part with your money or grant access to your bank account. There are many layers to job impersonation scams, from scammers offering low-effort, high-income jobs that require an upfront payment, to scammers asking to use your bank account to hold and transfer money – and pretending it’s a legitimate part of the role they’re offering.

Search icon
Watch out for

Job opportunities that are unsolicited or appear too good to be true, including an income higher than the market rate for relatively low hours or a role that never requires you to meet your employer in-person.
Phone with message icon
A real-life example

The Australian Federal Police warns scammers are targeting students and offering them payment to receive money into their bank account and transfer it to another account or cryptocurrency exchange. Known as ‘money mules’, these students are often recruited via fake job offers and may be unknowingly transferring stolen money.
Tick icon
Safety tip

Never enter any employment arrangement that asks for upfront payment or access to your bank account.

 

Your steps to staying safe

Sophisticated technology means scammers can convincingly appear to be someone you know or an institution you trust. No matter what the situation, you can help keep your money protected by following these principles.

Speech bubble icon

Pause

Take a moment and think, does this offer seem too good to be true? Ask yourself, is it unusual for this person I know, or this stranger or celebrity I don’t know, to be contacting me like this?

Processing icon

Process

Independently verify any investment opportunity or request for contact using research and contact information you find on your own. If in any doubt, don’t proceed.

Security icon

Proceed

Only move forward if you’re confident in your independent verification and remember – a bank, financial institution or government agency will never urgently require you to transfer money or share your sensitive information.