At the September AFR Cyber Summit, ASIC warned board directors that they will seek to make examples of boards who are ill prepared for cyberattacks, by taking legal action against companies who have not taken steps to protect customer data.
ASIC Chair Joe Longo stated:
“Cyber preparedness is not simply a question of having impregnable systems. That’s not possible,” he said. “Instead, while preparedness must include security, it must also involve resilience, meaning the ability to respond and weather a significant cyber security incident.”
Mr Longo also commented:
'In ASIC’s work in this space, we’ve found there’s often a disconnect between several important elements, including:
Failures to identify and address the risk of ransomware, can make a Director liable under the Corporations Act 2001 (WA).
Further, good cyber governance by boards will likely result in a reduction in cyber insurance premiums, whereas insurers are increasingly likely to decline policies for clients who show a lack of cyber protection.
The importance of good cyber security was laid out in the recently in Operation Birks which was led by the Australian Securities and Investment Commission (ASIC) and the Australian Federal Police (AFP). The operation tracked down a major cyber crime ring that was responsible for stealing more than $3.3 million through large-scale online fraud and attempted to steal a further $7.5 million from victims’ superannuation and share accounts.
Interestingly the scheme was brought down by a North Melbourne woman, who placed a new sim card through her phone for each account she hacked. The woman accidentally used one of these sim cards to order kebabs to her home, which was pinged by the AFP.
ASIC Deputy Chair Sarah Court said, “Data breaches within Australia’s financial system are significant threats, with consequences that can affect people’s savings for retirement. Driving good cyber-risk and operational resilience practices in financial services and markets is a continuing priority for ASIC. Where appropriate, we will act to address digitally-enabled misconduct, including scams. We encourage all entities to be cyber vigilant and act quickly to protect consumers.”
Lavan Comment
Organisations must continue to upskill their employees and executives to meet cyber compliance obligations. If you require assistance with cyber protection planning or if you are the subject of a cyber breach, please contact Iain Freeman for assistance on (08) 9288 6000 / iain.freeman@lavan.com.au.