Members’ updatesMay 30, 2022PrivacyRules Australian member Macpherson Kelley on cybersecurity: is your business managing its risk?

Kelly Dickson and Lachlan Gibbs from the PrivacyRules Australian law firm member Macpherson Kelley just published an interesting guide on the topic of the importance of cybersecurity for companies to manage risks. You can read in the guide that during the 2020–21 financial year, the Australian Cyber Security Centre received over 67,500 cybercrime reports, with incidents targeting large scale companies with increasing frequency. The rise in risk has forced many businesses to address cyber security issues, but it wasn’t until recently that companies faced regulatory consequences for breaching their obligations. On 5 May 2022, the Federal Court finalised its judgment in the matter of Australian Securities and Investments Commission v RI Advice Group Pty Ltd [2022] FCA 496. In an Australian first, it was held that RI Advice Group Pty Ltd (RI) had breached its obligations as an Australian Financial Services Licensee (Licensee) by failing to have adequate risk management systems in place to manage its cyber security risks. The decision is an important lesson for all regulated entities, as it flags ASIC’s increased regulatory focus on business’ cyber security processes. However, the lesson remains the same for all businesses – big or small. All companies should ensure they have the appropriate measures in place to address cyber security breaches or risk receiving significant civil penalties. Continue reading the guide here.