ASIC commences landmark proceedings against RI Advice Group Pty Ltd for inadequate cyber security

Not For ProfitCorporate AdvisoryTechnologyCyberGovernance
Written By Harwood Andrews

Following multiple cyber-attacks to financial service adviser RI Advice Group Pty Ltd (RI), the Australian Securities and Investments Commission commenced proceedings against RI alleging contravention of its obligations under the Corporations Act 2001 (Cth) (Corporations Act) for failure to have adequate cyber security systems as an Australian Financial Services licence holder.

Between 2016 and April 2020, a number of RI’s authorised representatives experienced cyber breach incidents, including a cyber breach incident involving a malicious third party gaining remote access to a server via an employee account. It is alleged that the malicious party spent more than 155 hours logged into the authorised representative’s server – compromising sensitive client information and identification documents.

ASIC is alleging that RI (including its authorised representatives) had failed to implement adequate “policies, plans, procedures, strategies, standards, guidelines, frameworks, systems, resources and control” to appropriately manage risks in relation to cyber security. 

The takeaway

Failure to implement appropriate cybersecurity systems can not only mean your systems and data is compromised. After a long period of focus on education, regulators are beginning to use enforcement to push examples of governance failures.  Boards should be conscious of this increased pressure and use this as an opportunity to review their policies and procedures. 

Often the hardest part is knowing what questions to ask to make sure your organisation is “cyber resilient”.  We and our partners can help to guide through the governance challenge of ensuring appropriate cyber security policies which document an organisation’s preparedness for cyber-attacks and outline response and recovery plans. 

For further information or advice please contact:

Paul Gray
Principal
T: 03 5225 5231
E: pgray@ha.legal

Alexander Gulli
Lawyer
T: 03 5226 8573
E: agulli@ha.legal

This article was prepared with the assistance of Hugo Le Clerc, Graduate Lawyer.

Harwood Andrews
Previous

Stuck between a rock and a hard place – Tech company CEO slammed for standing with the bullies

Next

Massaging the books leads to penalty for accounting firm