Don’t delegate away cyber security risk: ASIC

Cyber security risk needs to be “front and centre” of advisers’ mind, according to the Australian Securities and Investments Commission (ASIC), with the regulator likely to have increased supervision in this area going forward.

Appearing at FINSIA's ‘The Regulators’ event, ASIC commissioner, Cathie Armour, said the case of RI Advice has brought cybersecurity into the public eye as it was the first of its kind in Australia.

While this occurred before March 2019 therefore not incurring a penalty, future breaches by firms after this date would incur significant penalties of as much as $525 million.

Related News:

Armour said: “This is a fundamental issue and it needs to be front of mind for all of us. So the advice is to make it front and centre, it is not an IT issue, it's a business strategy and business leadership issue. You need to be really focused on it.”

She said it was important that firms had assessment systems in place and were prepared to work out how to address any issues that arose. They should also make sure management was involved rather than it being delegated to a third party or IT department.

“What I think is really important is you start to run scenarios. Make sure your senior management is involved and they're not sending off a sort of a proxy for them, they're actually involved. Your boards are involved even as in running those scenarios. And they absolutely know how they're going to deal with the issues because they will arise and you need to have arrangements in place.

“So just really have a look if you haven't engaged with it, but the main thing is to be making sure that the leadership of your firm is really engaged with the problem, it’s not the IT department’s problem.”

ASIC was likely to enact more enforcement actions in this area in the future and would be working closely with other agencies on the matter.

“We work closely with APRA to coordinate our supervision in this area, readily deferring to the work done by APRA’s teams under its cybersecurity strategy when we're looking at your regulated firms, and we actively participate in the Council of Financial Regulators cyber work and have been very involved in the work by the Department of Home Affairs on the critical infrastructure legislation.”

Recommended for you




Governments the Courts the Media and Business are at risk of attacks because they are using overly complex device dependent high risk centralised authentication that is open to phishing attacks. Until such time as they implement decentralised device independent authentication that prevents phishing attacks these risks will continue to increase and proliferate. It is the height of hypocrisy for regulators to hold Business to standards that they themselves are dismally failing. Until Government starts to effectively engage with independent Developers to implement the technical solutions that are available for the benefit of the Community we will all continue to suffer the consequences of defective network authentication security.

Does anyone in ASIC actually have any understanding at all about what is like to be a financial planner. Remember the majority of financial planning practices are small businesses. Yet they expect that you have the funds and staff that compare to the banks. It just shows when your only experience is leaching of the public purse or having the ability to get others (like financial planners) to fund your expenses like ASIC does, that you think this way. The senior staff at ASIC are so out of touch, and it shows.

26th Jan 2021 - you can google the article(s)

"The corporate watchdog (ASIC) waited 10 days before informing financial institutions its servers had been hacked in a cyber attack that has wreaked havoc for major institutions including blue-chip law firm Allens and the Reserve Bank of New Zealand."

So should ASIC take themselves to to court? Impose a fine on themselves?

According to French newspaper Le Monde, the US has stolen data from at least 62.14 million mobile phones in France through "dirty boxes"

Add new comment