|In August 2020 the Australian Securities & Investments Commission (ASIC) announced that it had started proceedings in the Federal Court against an Australian Financial Services Licensee for failing to ensure that financial advisers under its control protected sensitive data from cyber attacks.|
The cyber attacks had taken place between December 2017 and May 2018. After the attacks ASIC alleged that the Licensee received reports on cyber security which recommended that it review all of its representatives’ cyber security. ASIC allege that the Licensee breached Corporations law in failing to conduct these reviews and to ensure the implementation of adequate systems, resources and policies to manage cyber security risk.
These proceedings send a clear message that companies need to constantly review their cyber security protocols. Directors should be mindful that a failure to implement adequate cyber security systems could be considered a breach of their own Directors’ duties.