Cyberthreats are getting more sophisticated and prevalent, affecting society and economies. Consequently, government regulation is evolving to reflect this risk and drive confidence in the digital space. From 22 February 2018, Australian organisations that are subject to the Privacy Act will need to report data breaches to the affected parties and to the Office of the Australian Information Commissioner (OAIC). As businesses grapple with new requirements on data protection, aligning with the Notifiable Data Breach (NDB) scheme is essential. Managing this alignment successfully means not just ticking boxes, but holistically addressing their cyber risks and becoming state-of-the-art.