Future cybersecurity breaches could incur $525m penalties


Firms which fail to have adequate risk management systems to manage cybersecurity risk could be fined as much as $525 million by the regulator in the future.
Yesterday, RI Advice was found to have breached its Australian Financial Services license obligations to act efficiently and fairly when it failed to have adequate risk management systems to manage cybersecurity risks. This occurred between June 2014 and May 2020.
While RI Advice had to pay $750,000 in costs, it did not receive a penalty now or in any later hearing as the breach occurred before it was a civil penalty.
However, for any future breaches, firms would incur significant penalties which could be as high as $525 million, the regulator said.
Speaking to Money Management, an ASIC spokesperson said: “The maximum penalties available for a breach of section 912A(1) are now:
- The greatest of $10.5 million;
- Three times the benefit obtained; or
- 10% of annual turnover (capped at $525 million).
“If appropriate, ASIC may seek substantial civil penalties in future cases, if licensees breach their obligations to manage cybersecurity risk”.
Recommended for you
Net cash flow on AMP’s platforms saw a substantial jump in the last quarter to $740 million, while its new digital advice offering boosted flows to superannuation and investment.
Insignia Financial has provided an update on the status of its private equity bidders as an initial six-week due diligence period comes to an end.
A judge has detailed how individuals lent as much as $1.1 million each to former financial adviser Anthony Del Vecchio, only learning when they contacted his employer that nothing had ever been invested.
Having rejected the possibility of an IPO, Mason Stevens’ CEO details why the wealth platform went down the PE route and how it intends to accelerate its growth ambitions in financial advice.