'/%3E%3C/svg%3E%0A)
'/%3E%3C/clipPath%3E%3C/defs%3E%3Cg id='Group_626' data-name='Group 626' transform='translate(2 2)'%3E%3Cg id='Group_625' fill='none' stroke='%232cb34a' stroke-width='1' clip-path='url(%23clip-path)' data-name='Group 625'%3E%3Cpath id='Rectangle_509' d='M0 0h20.014v15.403H0z' data-name='Rectangle 509' transform='translate(.1 .1)'/%3E%3Cpath id='Path_663' d='m20.513.5-10.006 9.548L.5.5' data-name='Path 663' transform='translate(-.4 -.4)'/%3E%3C/g%3E%3C/g%3E%3C/svg%3E%0A)
'/%3E%3C/svg%3E%0A)
Recent high-profile cases in NSW have highlighted the risks businesses face when contractor oversight falls short – whether on a building site or in cyberspace. Both physical safety and data protection require more than just trusting your contractors. They demand strong governance, clear processes, and proactive verification.
Case 1: Safety Failures in Site Handover
A recent NSW Industrial Court ruling reinforced the legal importance of proper handover procedures when engaging contractors, especially in high-risk work environments.
The Incident
- A specialist contractor installed a gate without a safety stop.
- The gate collapsed onto a mother and her three children as they walked past a redevelopment site.
- The contracting company, 465 Leichhardt Pty Ltd, was fined $180,000 under the Work Health and Safety Act (NSW).
The Court’s Findings
- Reliance on a licensed contractor did not excuse the company’s duty to verify safety.
- The lack of formal inspection and handover amounted to negligence.
- Businesses must demonstrate active oversight, even where defects appear unintentional.
Risk Management Lessons
- Handover must be a structured, risk-assessed process – not a tick-the-box exercise.
- Businesses must confirm that work is complete, compliant, and safe before assuming site control.
- Oversight of contractors remains a statutory responsibility, regardless of subcontractor expertise.
Case 2: Cybersecurity Risks in the Supply Chain
In July 2025, Qantas Airways experienced a cyber incident originating from a subcontractor system connected to its customer support operations.
Strategic Implications
- Third-party systems are now the leading cause of Australian data breaches.
- The incident underscores the need for resilience that extends beyond internal networks.
- New legislation requires organisations to disclose ransom payments promptly, with penalties for non-compliance.
The Bigger Picture
From collapsed gates to compromised systems, both cases demonstrate the same core lesson: businesses cannot outsource accountability. Whether in health and safety or cybersecurity, oversight of contractors is non-negotiable. Robust handover, inspection, and verification processes are essential for protecting people, data, and reputation.
