ASIC urges cyber security to be ‘top of mind’
ASIC chair Joe Longo has told AFSLs that cyber protection should be “top of mind” for them as they manage their businesses, and flagged the weaknesses demonstrated by RI Advice.
Appearing before the standing committee on economics to discuss ASIC’s FY24 annual report on 25 October, Longo said the regulator had received 600 responses to its Cyber Pulse Survey, including 120 financial advisers.
These covered the management of critical cyber capabilities by firms, including their incident response plans.
Four areas of improvement were flagged including supply chain risk management, data security, consequence management and adoption of cyber security standards.
Longo said firms and directors are all facing challenges, but cyber security should not be neglected.
“Most firms will be victims of some attack and they need to be able to respond to that. I would remind directors that they have to take these issues seriously. They are under legal obligations to manage this risk and put in place systems and processes.”
In the financial advice space, he flagged the case of RI Advice.
The Federal Court found RI Advice had breached its licence obligations to act efficiently and fairly when it failed to have adequate risk management systems to manage its cyber security risks.
A significant number of cyber incidents occurred at authorised representatives of RI Advice between June 2014 and May 2020. In one instance, an unknown malicious agent obtained, through a brute force attack, unauthorised access to an authorised representative’s file server from December 2017 to April 2018 before being detected, resulting in the potential compromise of confidential and sensitive personal information of several thousands of clients and other persons.
He said: “We ran a case a few years ago against an AFSL, RI Advice, where the court found the arrangements in place were deficient. ASIC continues to look at these issues. We have a couple of matters under investigation as we speak.
“The efforts of that business were so poor and disproportionate to the risk they were facing that it was something we needed to take to court.
“We understand directors are grappling with lots of different challenges in running a business, but this is one that should be top of mind.”
AUTHOR
Laura Dew
Recommended for you
David Sipina has been sentenced to three years under an intensive correction order for his role in the unlicensed Courtenay House financial services.
As AFSLs endeavour to meet their breach reporting obligations, a legal expert has emphasised why robust documentation will prove fruitful, particularly in the face of potential regulatory investigations.
Betashares has named the top Australian suburbs with the highest spare cash flow, shining a light on where financial advisers could eye out potential clients.
A relevant provider has received a written direction from the Financial Services and Credit Panel after a superannuation rollover resulted in tax bill of over $200,000 for a client.
