ASIC urges cyber security to be ‘top of mind’
ASIC chair Joe Longo has told AFSLs that cyber protection should be “top of mind” for them as they manage their businesses, and flagged the weaknesses demonstrated by RI Advice.
Appearing before the standing committee on economics to discuss ASIC’s FY24 annual report on 25 October, Longo said the regulator had received 600 responses to its Cyber Pulse Survey, including 120 financial advisers.
These covered the management of critical cyber capabilities by firms, including their incident response plans.
Four areas of improvement were flagged including supply chain risk management, data security, consequence management and adoption of cyber security standards.
Longo said firms and directors are all facing challenges, but cyber security should not be neglected.
“Most firms will be victims of some attack and they need to be able to respond to that. I would remind directors that they have to take these issues seriously. They are under legal obligations to manage this risk and put in place systems and processes.”
In the financial advice space, he flagged the case of RI Advice.
The Federal Court found RI Advice had breached its licence obligations to act efficiently and fairly when it failed to have adequate risk management systems to manage its cyber security risks.
A significant number of cyber incidents occurred at authorised representatives of RI Advice between June 2014 and May 2020. In one instance, an unknown malicious agent obtained, through a brute force attack, unauthorised access to an authorised representative’s file server from December 2017 to April 2018 before being detected, resulting in the potential compromise of confidential and sensitive personal information of several thousands of clients and other persons.
He said: “We ran a case a few years ago against an AFSL, RI Advice, where the court found the arrangements in place were deficient. ASIC continues to look at these issues. We have a couple of matters under investigation as we speak.
“The efforts of that business were so poor and disproportionate to the risk they were facing that it was something we needed to take to court.
“We understand directors are grappling with lots of different challenges in running a business, but this is one that should be top of mind.”
AUTHOR
Laura Dew
Recommended for you
The Federal Court has made interim orders to freeze the assets of a managed investment scheme, its responsible entity, and a director.
With new entrant numbers up 90 for the calendar YTD, Wealth Data has revealed the top licensee owners that have onboarded new advisers.
Sequoia Financial Group’s business simplification program has led to a strong profit growth for the first half of FY25, saying it is “out of the congestion and onto the freeway”.
The Federal Court has frozen the assets of two individuals, Ferras Merhi and Osama Saad, for their connections to the troubled Shield Master Fund.
