ASIC commences landmark proceedings against RI Advice Group Pty Ltd for inadequate cyber security
Following multiple cyber-attacks to financial service adviser RI Advice Group Pty Ltd (RI), the Australian Securities and Investments Commission commenced proceedings against RI alleging contravention of its obligations under the Corporations Act 2001 (Cth) (Corporations Act) for failure to have adequate cyber security systems as an Australian Financial Services licence holder.
Between 2016 and April 2020, a number of RI’s authorised representatives experienced cyber breach incidents, including a cyber breach incident involving a malicious third party gaining remote access to a server via an employee account. It is alleged that the malicious party spent more than 155 hours logged into the authorised representative’s server – compromising sensitive client information and identification documents.
ASIC is alleging that RI (including its authorised representatives) had failed to implement adequate “policies, plans, procedures, strategies, standards, guidelines, frameworks, systems, resources and control” to appropriately manage risks in relation to cyber security.
The takeaway
Failure to implement appropriate cybersecurity systems can not only mean your systems and data is compromised. After a long period of focus on education, regulators are beginning to use enforcement to push examples of governance failures. Boards should be conscious of this increased pressure and use this as an opportunity to review their policies and procedures.
Often the hardest part is knowing what questions to ask to make sure your organisation is “cyber resilient”. We and our partners can help to guide through the governance challenge of ensuring appropriate cyber security policies which document an organisation’s preparedness for cyber-attacks and outline response and recovery plans.
For further information or advice please contact:
Paul Gray
Principal
T: 03 5225 5231
E: pgray@ha.legal
Alexander Gulli
Lawyer
T: 03 5226 8573
E: agulli@ha.legal
This article was prepared with the assistance of Hugo Le Clerc, Graduate Lawyer.