Cybersecurity has been a major focus for ASIC for some time, with the regulator’s attention on cyber risks continuing to intensify as cyber attacks become more frequent and sophisticated. ASIC has been saying for months that it will seek to make an example of company directors and senior executives who fail to adequately prepare for cyberattacks.
This was reiterated earlier this month, with ASIC’s Chairman stating that it “will be looking for the right case where company directors and boards failed to take reasonable steps, or make reasonable investments proportionate to the risks that their business poses”.[1]
ASIC has previously issued specific guidance to companies on cyber security, stating that boards must have in place proactive measures to prevent, detect, manage and respond to malicious cyber activity. In light of the potential financial, legal and reputational risks to organisations from a cyber breach, the regulator’s view is that cyber resilience must be a key priority for all organisations, including oversight of cyber security risk throughout the organisation’s supply chain.
The release of ASIC’s “cyber pulse survey 2023” on 13 November 2023…
