Corporate regulator the Australian Securities and Investments Commission (ASIC) undertook its first enforcement action in relation to Australian Financial Services (AFS) licensee obligations in the context of cybersecurity. The licensee was found to have contravened the Corporations Act by failing to have adequate ‘controls and documentation’ in place to manage cyber security risks across its authorised representative network.
“The impact of cyber risk is increasing in severity and every organisation needs to take steps to respond.”
The Federal Court decision is a clarion call to organisations and their boards to ensure risk management systems are equipped to address increased cyber risks as well as an ever-growing regulatory burden. This includes recent changes to the Security of Critical Infrastructure laws, the introduction by ASIC of new market integrity rules and the likely introduction by the Federal Government of new ransomware-specific laws.
Malicious cyber activity is ubiquitous and MinterEllison’s 2022 Cyber Risk Report found a quarter of respondent organisations have been subject to a cyber security incident that compromised…
