ASIC’s crackdown on FIIG: What it means for your business
The Australian Securities and Investments Commission (ASIC) has taken action against FIIG Securities Limited, a financial services company, for not doing enough to protect against cyber threats. This case shows that cybersecurity is no longer just an IT problem—it’s something business leaders need to take seriously.
What happened?
ASIC is investigating FIIG Securities, which holds an Australian Financial Services (AFS) licence, for allegedly failing to:
- Have strong risk management systems to stop cyber threats.
- Put enough cybersecurity protections in place even though they handle sensitive financial information.
- Meet legal requirements under section 912A(1) of the Corporations Act 2001 (Cth), which says AFS licensees must manage risks properly.
ASIC’s action against FIIG is a reminder that all businesses need to take cybersecurity seriously—whether they hold an AFSL or not.
What ASIC says was missing
- Comprehensive Risk Management Systems: AFS licensees are required to establish and maintain robust risk management frameworks that effectively address cybersecurity threats. This encompasses regular assessments and updates to security protocols to mitigate potential vulnerabilities. (asic.gov.au)
- Implementation of Protective Measures: ASIC aligns with the Australian Cyber Security Centre’s (ACSC) guidance, advocating for the adoption of at least eight essential mitigation strategies. These measures are designed to safeguard systems against a wide array of cyber threats and should be tailored to the specific risk profile of each organization. (asic.gov.au)
- Continuous Monitoring and Improvement: Licensees must engage in ongoing monitoring of their cybersecurity posture, promptly addressing any identified weaknesses. This proactive approach ensures that defences evolve in response to emerging threats.
The bigger picture: Cyber risk is a business risk
While this case involves a financial services firm, the lesson applies to every business. Cybersecurity is not optional anymore. Customers, regulators, and partners expect businesses to protect their data and systems from cyber threats.
What your business should be doing
- Strong leadership on cybersecurity – Business owners and executives need to stay informed about cyber risks and make cybersecurity part of their company’s strategy.
- Managing risks proactively – Companies must monitor their cybersecurity risks, conduct regular security assessments, and have clear plans to reduce threats.
- Being ready for cyber incidents – Cyberattacks can and will happen. Businesses need strong response plans, employee training, and phishing simulations to prepare.
How 4walls can help
At 4walls, we help businesses take charge of their cybersecurity before a regulator forces them to. Our approach gives organisations a structured way to find, manage, and reduce cyber risks.
✔️ Cyber Security Dashboard: Get a clear view of your company’s cybersecurity risks and compliance gaps.
✔️ Risk Management & Incident Response: Put strong systems in place to stop and recover from cyber threats.
✔️ Cyber Governance Training: Help leaders understand how to manage cyber risks at the top level.
ASIC’s case against FIIG is a warning for every business. Cybersecurity is now a core part of running a business, not just an IT issue. Is your organisation prepared?
Talk to 4walls today to make sure your cybersecurity is up to standard.