AFSLs urged to address cyber security vulnerabilities

AFSLs/licensees/cyber-security/cyber-attack/Hall-and-Wilcox/

28 March 2025
| By Jasmine Siljic |
image
image image
expand image

With ASIC suing FIIG Securities for alleged failures in its cyber security measures, two firms have urged AFSLs to stay vigilant against ongoing cyber threats.

Earlier this month, ASIC announced that it was suing FIIG Securities for alleged failures in its cyber security measures, describing the matter as a “wake-up call” to all licensees.

The corporate regulator stated that FIIG Securities allegedly failed to have adequate cyber security measures for over four years, according to documents filed by ASIC in the Federal Court. This led to the theft of approximately 385GB of confidential data, ASIC alleged, with some 18,000 clients notified that their personal information might have been compromised.

The case marks the regulator’s second cyber security enforcement action, with the first being launched against RI Advice in 2022.

With licensee failures to have adequate cyber security protections sitting high on ASIC’s enforcement priorities for the year ahead, Hall & Wilcox has underscored what this means for the financial services industry.

“It is clear even at this early stage in the [FIIG Securities] proceeding that ASIC will be taking cyber security failings seriously in 2025. Enforcement action from ASIC could come as a direct consequence of a cyber breach if the licensee is considered to have failed to take steps to protect its systems from infiltration,” the law firm said.

Given the Australian financial services industry holds a “treasure trove” of sensitive client data, making it an attractive target for cyber crime, outsourcing solutions provider Vital Business Partner (VBP) also encouraged businesses to safeguard their operations and clients against cyber attacks.

“Risk awareness is the first step to strengthen your cyber defences. Cyber threats are constantly evolving, with attackers becoming more sophisticated in their methods,” VBP stated.

The most common and pressing types of attacks that financial services firms are at risk of include ransomware attacks, phishing attacks and supply chain vulnerabilities, it noted.

As such, VBP encouraged AFSLs to conduct a thorough risk assessment of the business, which means identifying its most valuable assets and the potential threats they face. Reviewing cyber security policies and procedures frequently while providing regular cyber security training to staff is also critical.

Moreover, licensees were recommended to implement multifactor authentication, which adds an extra layer of security to significantly reduce the risk of unauthorised access, and regularly update their systems to prevent attacks exploiting known vulnerabilities.

Read more about:

AUTHOR

Recommended for you

sub-bgsidebar subscription

Never miss the latest news and developments in wealth management industry

MARKET INSIGHTS

So we are now underwriting criminal scams?...

2 months 3 weeks ago

Glad to see the back of you Steve. You made financial more expensive, not more affordable as you claim, and presided ...

2 months 3 weeks ago

Completely agree Peter. The definition of 'significant change is circumstances relevant to the scope of the advice' is s...

4 months 4 weeks ago

ASIC has suspended the Australian Financial Services Licence of a Melbourne-based financial advice firm....

1 week 4 days ago

The corporate regulator has issued infringement notices to three AFSLs whose financial advisers provided personal advice to a retail client while unregistered....

2 weeks 2 days ago

ASIC has released the results of its first adviser exam to be held in 2025, with 241 candidates attempting the test....

3 weeks ago

TOP PERFORMING FUNDS

ACS FIXED INT - AUSTRALIA/GLOBAL BOND