Cybersecurity and Directors’ Duties – No room for oversight

Justin Fung, Avant Law - Partner, Head of Commercial & Corporate | General Manager

Monday, 25 July 2022


Protecting personal information continues to grow as an essential function of businesses everywhere – particularly when it comes to sensitive information in sectors such as health and financial services.  

According to the World Economic Forum, cyber risk has been recognised as the most immediate and financially material sustainability risk that organisations face today. A somewhat stark statement.

The Australian Securities and Investments Commission (ASIC) has recently warned directors that a failure to adequately address cyber security risk or comply with relevant disclosure and reporting requirements may be a breach of their directors' duties.

A timely reminder

This comes off the back of a recent Federal Court of Australia decision in which a business in the financial services sector was found to have breached its licence obligations after failing to adequately manage its cybersecurity risks. The business was ordered to pay $750,000 towards ASIC’s costs. You can have a closer look at ASIC’s article here: Be prepared | ASIC - Australian Securities and Investments Commission.

As you can see, it’s a clear message from the corporate regulator: “Be prepared”.

Ensuring compliance, preventing a breach

According to ASIC, no business is too small for a cyber security strategy.  

If your business collects, stores, utilises or discloses personal information, this would be a very good time to look at your systems and processes and ask yourself:

  • Do you have appropriate cyber security risk management systems in place, and do they give you enough visibility of cyber risks so you can comply with your disclosure obligations?
  • Is there a way of testing and verifying the effectiveness of those risk management systems?
  • Are your current cyber security and IT systems adequate to store information securely and protect against third party infiltration?
  • Could you promptly identify any data breaches (actual or potential) and satisfy your reporting requirements?
  • Do your contracts with IT vendors protect your business by addressing and managing potential security breaches?

Hopefully you are confident the answer to each of these questions is ‘yes’.  

Cyber risk is, however, an area that continues to evolve, and all businesses and their directors will need to be on a journey of continuous improvement when it comes to cyber security. 

We can help you

If you have any questions, or would like more information about how we can assist you or your practice, please call 1800 867 113, or to organise a confidential discussion at a time that suits you, please click here 

About the author

Justin Fung

Justin Fung is a lawyer and the Head of Commercial and Corporate in our Avant Law team. Justin has over 15 years’ experience advising in commercial, corporate, risk, compliance, governance, regulatory enforcement and dispute resolution and advises clients in the private and public sectors. He was previously General Counsel of a national allied health group of companies and held Group and Divisional Head of Legal roles in a major ASX-listed health company, whose operations covered medical and dental centres, allied health, pathology, diagnostic imaging, assisted reproductive technologies, day surgeries and hospitals. Prior to these in-house legal roles, Justin was an Executive Counsel with the global law firm Herbert Smith Freehills where he practiced for over 10 years.


Disclaimers

The information in this article does not constitute legal advice or other professional advice and should not be relied upon as such. It is intended only to provide a summary and general overview on matters of interest and it is not intended to be comprehensive. You should seek legal or other professional advice before acting or relying on any of this content. The information in this article is current to 26 July 2022. Liability limited by a scheme approved under Professional Standards Legislation. Legal practitioners employed by Avant Law Pty Limited are members of the scheme. © Avant Mutual Group Limited 2023
