The Australian Securities and Investments Commission (ASIC) v RI Advice Group Pty Ltd FCA 496 has continued to provoke discussion this week amongst Australian organisations, particularly those which hold an AFSL.
Notwithstanding the outcomes of the case and its imperative reminders, Gilbert + Tobin, who acted for RI Advice and its parent company Insignia Financial (formerly IOOF), report:
"whereas ASIC had been seeking to effectively set a far-reaching and prescriptive legal standard for cyber security for all Licensees - the judgement sets no such standard"
Further, Gilbert + Tobin have said another key takeaway from this case is:
"in addition to the identification and management of risks through different controls and measures, it is important to also monitor and audit compliance and where appropriate use the services of external experts"
Importantly, Gilbert + Tobin highlight that under section 912A of the Corporations Act 2001,
"cyber security risks must be managed adequately" yet
"in short, it is not for ASIC to set the standard" on the basis
"the Court's assessment of the adequacy of any particular set of cyber risk management systems will likely be informed by evidence from relevantly qualified experts"
Whilst the outcomes of this case may not provide AFSL holders with what would be, in effect, prescriptive guidance on how to manage cyber security risks, they do provide clear insight into the strategic imperative of embedding cyber security into executive agendas as a real, modern business challenge which Australian law obliges executives and board members to confront and embrace in their line of duty.
Whilst less than 1% of executives and board members across Australian organisations may have experience and expertise in the specialist field of information security and/or cyber security, the Corporations Act 2001 is offering no cooling-off period for skills to catch up.
One of Australia's most respected cyber security consultancy firms joined us recently on The Reboot Show.
Following a series of roundtable discussions with TrustedImpact and executives from IOOF Holdings Ltd, Bupa, AISA, St Leonard's College, Continuity Matters and RightShip, we published A Guide for Corporate Australia - Why Cyber Maturity Begins in the C-Suite which is available for free to read and download online.
You can also watch the roundtable discussion recordings at any time online by clicking here.
Sally A Illingworth
To read the official statement published by Gilbert + Tobin on 10 May 2022, click here.