DSPM Meets the Notifiable Data Breaches Scheme: Minimising Exposure in Australia’s Regulatory Landscape

08/08/2025 | 8 min read

I love diving into topics that combine data security with regulatory compliance (why yes, I am that person!). Take today's organisations, for instance. If there’s one thing that really defines the way today’s organisations are able to successfully use technologies like AI, it’s high-quality, classified, and integrated data. But many business leaders still struggle with securing their data environment. And honestly, it’s unsurprising when you think about the massive amounts of information necessary to keep organisations running!

Imagine your organisation's data environment as a vast, prestigious digital museum housing countless invaluable exhibits, from priceless master artworks (sensitive customer data) to historical artifacts (archived records). Traditional security tools are like the museum's perimeter guards and basic alarms: they're essential for detecting if someone tries to break in or if a known threat is present at the doors.

However, a museum needs more than just guards at the entrance. That's where data security posture management (DSPM) tools come in. DSPM acts as the ultimate curator and inventory manager for every single exhibit inside. It continuously scans and classifies all your data assets, understanding their type and sensitivity. It assesses how each exhibit is protected (e.g., is a priceless painting in a bulletproof case or on an open pedestal?) by identifying misconfigurations, vulnerabilities, and compliance gaps before they can be exploited. DSPM also monitors who has access to which exhibits and if any are moved without authorisation, ensuring you're not just guarding the building, but meticulously protecting every valuable piece of data within it.

Australia's Threat Landscape

We know that 2024 was a landmark year for data breaches in Australia, highlighting the importance of the Notifiable Data Breaches (NDB) Scheme.

During July to December 2024, the Office of the Australian Information Commissioner (OAIC) received 595 data breach notifications. By the end of 2024, the OAIC had received 1,113 notifications — a 25% increase from 2023’s 893 notifications.

The biggest cause? According to a blog post by the OAIC, 69%, or 404 notifications, could be traced back to malicious attacks. From July to December 2024, phishing was the top cause of cyber incident notifications. Gartner predicted that in 2025, global end-user spending on information security would increase by 15% from 2024, reaching US$212 billion (roughly AU$328 billion) as organisations prioritise cybersecurity.

Ransomware remains an active threat, with cyber gangs such as RansomHub projected to generate illicit revenue of around US$12 million (AU$18.6 million). Of the 64% of Australian organisations that fell prey to ransomware, 84% paid the demanded ransom.

In the same article by the OAIC, data breaches caused by social engineering methods – tactics that trick people into revealing information or clicking malicious links – also experienced an uptick from July to December 2024: 60 breach notifications, equal to a 46% increase, were reported within the Australian Government.

Understanding the NDB Scheme  

Introduced in 2018 under the Privacy Act 1988, Australia’s NDB Scheme requires organisations to notify both the OAIC and the affected individuals if a data breach involves their personal information and could cause them serious harm.

The framework aims to enhance transparency, accountability, and overall security around personal information, especially in the event of an active breach. It does this by establishing specific compliance requirements that organisations must fulfill.

To comply with the NDB Scheme, businesses with an annual turnover of more than AU$3 million, alongside organisations handling sensitive information (such as educational institutions, government entities, healthcare providers, or cloud service providers) must ensure: 

  • Timely detection and assessment. Organisations must promptly detect suspected breaches and complete their assessment within 30 days, determining whether the breach could cause serious repercussions such as identity theft, financial loss, or reputational damage.
  • Mandatory notification. Once organisations have confirmed an eligible breach, they must submit a statement to the OAIC and the individuals whose information may have been exposed, detailing the breach, affected data, and recommended protective measures.
  • Documentation and mitigation. Organisations must document breach details and take steps like revoking access, resetting credentials, and enhancing controls to reduce the harm and prevent future incidents. 

Let’s be clear: The NDB Scheme isn’t an exposure mitigation strategy. With malicious actors continuously evolving their cyber attacks and even exploiting AI to enhance the sophistication of their methods, data breaches can swiftly escalate into reputational crises and regulatory penalties. Organisations need to have the tools and programs in place to be prepared.

The Role of DSPM in Breach Detection and Response

DSPM is a security approach involving continuous data monitoring across multi-cloud and hybrid environments. If your organisation’s data environment is a museum, DSPM serves as a comprehensive 24/7 safety system. DSPM isn’t just another security requirement; it builds on the baseline data protection that organisations must already have in place.

DSPM and Enhancing Breach Detection

Let’s go back to your data environment — that large multi-floor museum full of valuable assets. These assets are being moved around all the time, from one end of a room to another, or from one floor to several others. They may even be moved to offsite storage if they are not part of a current exhibit. If you’re not careful, an asset that’s not meant to leave the building will be sailing through the exit. Modern data environments don’t stay put. They move across SaaS applications and different cloud platforms. So how does DSPM help here? 

  • Real-time visibility. DSPM tools cut through the complexity of data environments with real-time visibility into sensitive data flows and access patterns. These tools enable security teams to continuously monitor how personal and regulated information is used, moved, or shared, whether the data is stored in a cloud service like Microsoft 365 or on-premises. This visibility helps spot policy violations or risky behaviours, such as an employee outside their usual geographic region suddenly gaining access to sensitive HR records. When anomalies occur, DSPM flags them as potential breaches.
  • Automated alerts. DSPM can trigger automated alerts the moment it detects suspicious activity. Examples of anomalous activity include privilege escalations, mass downloads, or data shared with external domains. These alerts are context-rich, so security teams can easily determine which incidents should be escalated as notifiable breaches under the NDB Scheme. DSPM isn’t about bombarding your security teams with notifications; it’s about helping them detect the right breaches faster and with enough clarity.
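As an added illustration (not AvePoint's or any DSPM product's code), the Python sketch below applies the three anomaly patterns described above (access from an unusual region, sharing to an external domain, mass downloads) to constructed access events and emits context-rich alerts that carry the asset's classification, so responders can see at a glance whether personal information is involved and NDB assessment should begin. The event shape, per-user home regions, internal domains and the download threshold are assumptions made for the example.

```python
from collections import Counter

# Constructed sample access events (not real data); "cls" is the DSPM
# classification label assigned to the asset.
EVENTS = [
    {"user": "alice", "region": "AU", "asset": "hr/payroll.xlsx", "cls": "personal", "action": "read"},
    {"user": "alice", "region": "SG", "asset": "hr/payroll.xlsx", "cls": "personal", "action": "read"},
    {"user": "carol", "region": "AU", "asset": "crm/customers.csv", "cls": "personal", "action": "share", "to": "x@partner.example.net"},
    {"user": "carol", "region": "AU", "asset": "crm/customers.csv", "cls": "personal", "action": "share", "to": "y@corp.example.com"},
] + [  # bob pulls 25 finance reports in one batch
    {"user": "bob", "region": "AU", "asset": f"finance/report-{i}.csv", "cls": "internal", "action": "download"}
    for i in range(25)
]
HOME_REGION = {"alice": "AU", "bob": "AU", "carol": "AU"}  # assumed per-user baseline
INTERNAL_DOMAINS = {"corp.example.com"}                    # assumed tenant domains
MASS_DOWNLOAD_THRESHOLD = 20                               # assumed tuning value


def _alert(rule, user, asset, cls, detail):
    # ndb_assess marks that personal information is involved, so the incident
    # should enter the NDB Scheme's assessment process.
    return {"rule": rule, "user": user, "asset": asset, "cls": cls,
            "ndb_assess": cls == "personal", "detail": detail}


def detect(events, home_region=HOME_REGION, internal_domains=INTERNAL_DOMAINS,
           threshold=MASS_DOWNLOAD_THRESHOLD):
    """Flag unusual-region access to personal data, sharing to an external
    domain, and mass downloads by one user; returns context-rich alerts."""
    alerts, downloads, dl_classes = [], Counter(), {}
    for e in events:
        home = home_region.get(e["user"])
        if e["cls"] == "personal" and e["region"] != home:
            alerts.append(_alert("unusual_region", e["user"], e["asset"], e["cls"],
                                 f"accessed from {e['region']}, home region {home}"))
        if e["action"] == "share" and e.get("to", "").split("@")[-1] not in internal_domains:
            alerts.append(_alert("external_share", e["user"], e["asset"], e["cls"],
                                 f"shared with {e['to']}"))
        if e["action"] == "download":
            downloads[e["user"]] += 1
            dl_classes.setdefault(e["user"], set()).add(e["cls"])
    for user, n in downloads.items():
        if n > threshold:  # alert sensitivity follows the most sensitive asset pulled
            cls = "personal" if "personal" in dl_classes[user] else "internal"
            alerts.append(_alert("mass_download", user, f"{n} assets", cls,
                                 f"{n} downloads exceed threshold {threshold}"))
    return alerts
```

Running `detect(EVENTS)` yields three alerts: alice's access from SG, carol's share to partner.example.net (both flagged for NDB assessment) and bob's bulk download of internal-only files (flagged, but not as a personal-information incident).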

DSPM helps detect real threats faster with clarity, context, and continuous oversight. 

Accelerated Response Times

When a breach hits, DSPM doesn’t just sound the alarm; it also triggers a rapid, coordinated response. Imagine a smart building system that detects intruders, isolates affected areas, and alerts the right responders.

DSPM sharpens incident response under the NDB Scheme: 

  • Triggered workflows. DSPM kicks off investigation and containment steps, like isolating at-risk data, revoking unauthorised access, or alerting affected users. This helps security teams limit exposure quickly, with critical actions escalated for human approval when needed.
  • Integration with SIEM/SOAR. DSPM connects with two other platforms: security information and event management (SIEM) – which detects and analyses security threats – and security orchestration, automation, and response (SOAR) – which automates and coordinates incident response. By sharing incident data with these two platforms, DSPM enables smarter alerts, faster automated response, and thorough audit trails.
  • Centralised collaboration. By consolidating breach context and response actions, DSPM keeps legal, compliance, and IT teams aligned. This reduces confusion while accelerating decision-making during critical periods. 

DSPM ensures you have a unified, high-speed operation supporting both technical containment and timely, accurate reporting as required by the NDB Scheme. 

How DSPM Supports NDB Compliance

For Australian organisations, figuring out whether they are doing enough to protect personal information is always tricky. Under Australia’s Privacy Act 1988, APP 11 requires organisations to take “reasonable steps” to safeguard personal data. In December 2024, APP 11.3 was added to the Act, making the rules clearer and stricter.

With APP 11.3 in effect, securing your data environment isn’t just about having good locks or regular drills anymore. Now you need both technical processes and strong organisational habits.

This is where DSPM directly supports NDB compliance. The NDB Scheme expects organisations to detect, assess, and report breaches quickly and transparently. DSPM helps meet those expectations by: 

  • Providing technical controls, like continuous monitoring, access restrictions, and encryption enforcement to prevent unauthorised data exposure.
  • Enabling organisational measures, such as automated audit trails, policy enforcement, and cross-team coordination to ensure breaches are handled consistently and defensibly.

In short, DSPM doesn’t just help you spot and contain breaches — it helps you prove that your organisation is taking the right steps, both technically and operationally, to comply with the NDB Scheme and APP 11.3. For Australian organisations, “reasonable steps” now means being proactive, with the right technical defences and organisational governance working together. 

DSPM: The Next Strategic Move Against Cyber Attacks

With Australia's data breach notifications hitting record highs and regulatory requirements tightening, aligning DSPM with NDB compliance is vital for organisations to thrive despite dynamic cyber attacks. A holistic, integrated DSPM strategy delivers a powerful dual benefit: ensuring you're ready for regulatory scrutiny while significantly reducing breach impact through faster detection and response.

The real cost isn't implementing DSPM but the significant price of an undetected breach. In today's threat landscape, DSPM offers a tactical approach for staying ahead of both attackers and compliance requirements while maintaining robust cybersecurity standards. 

Author

Alyssa Blackburn

As AvePoint's Global Program Manager for Information Management, Alyssa Blackburn is the person you want in your corner when navigating the digital maze. A globally recognised expert, she has a passion for transforming complex information challenges into powerful business assets.

For more than 20 years, Alyssa has partnered with organisations worldwide, helping them demystify data and information governance and unlock the incredible value hidden in their information. She combines deep industry knowledge with a friendly, practical approach that makes information management accessible to everyone.

A sought-after speaker and an award-winning author for publications like RIMPA IQ, Alyssa thrives on sharing her insights (she has been known to refer to herself as the 'Chief Opinion Officer') and helping people rethink what's possible in the digital age. She continues to be a driving force behind AvePoint's leading information management solutions, guiding both the product's development and its successful implementation for clients across the globe.