As cyberattacks continue to surge in Australia, ASIC has ramped up its scrutiny of corporate boards and directors, holding them accountable for cyber resilience. Directors must ensure that their companies have robust cybersecurity measures, business continuity plans, and response protocols in place. According to ASIC, paying lip service to cyber defence is no longer enough; boards must demonstrate active, ongoing efforts to safeguard against threats.
Why Directors Should Take Cybersecurity Seriously
With one cyberattack reported every six minutes in Australia, ASIC’s message to directors is clear: cybersecurity is your responsibility. Legal action has already been initiated against some directors, reinforcing the need for a proactive approach to cyber preparedness. This comes after high-profile breaches at Optus and Medibank, which resulted in lawsuits and regulatory investigations that continue to affect both companies’ reputations and finances.
ASIC’s chairman Joe Longo and commissioner Simone Constant have made it clear that enforcement actions will target directors who fail to invest in cyber resilience. Board members are expected to provide evidence of robust cybersecurity frameworks and breach response plans, such as cyber simulations, which should be a fundamental part of an organisation’s strategy. ASIC no longer focuses solely on tech specialists; it holds all directors accountable for cyber failures.
The Cost of Cyber Negligence
The case of RI Advice in 2022 highlights the consequences of poor cyber governance. The firm was fined $750,000 after failing to detect repeated cyber incidents, one of which allowed hackers to access thousands of clients’ data over a period of five months. This sets a precedent for ASIC’s current investigations into directors and boards.
According to surveys, many boards still lack critical elements in their cyber response plans. Half of the boards surveyed had not participated in a cyber simulation, and more than one-third had not decided how to handle a ransomware attack. These gaps leave organisations vulnerable and risk serious regulatory penalties.
How 4walls Can Help Directors Address Cybersecurity Risks
At 4walls, we provide directors and boards with the tools and expertise to ensure their companies are well-prepared for today’s cyber threats. Our Cyber Security Dashboard offers continuous assessments and actionable insights that help boards stay informed and proactive. We offer:
- Cyber assessments to pinpoint gaps in your cyber defences and compliance frameworks.
- Breach response simulations that test your organisation’s readiness to respond to an attack.
- Training to equip employees and leadership teams with the knowledge to mitigate risks and comply with ASIC’s expectations.
With 4walls, directors can confidently meet their cybersecurity responsibilities and protect their organisations from both reputational and regulatory harm.