HomeLatest NewsASIC takes aim at boards and executives for cybersecurity failures

Monday, October 23, 2023

Return to listings

ASIC takes aim at boards and executives for cybersecurity failures

Corporate Risk
Financial Institutions
Professional Services

In an era where digitalisation has become synonymous with business operations, the threat landscape has evolved and cybersecurity has taken centre stage.

The Australian Securities and Investments Commission (ASIC) is stepping up its efforts to hold boards and executives accountable for cybersecurity failures within their organisations, which was addressed by ASIC Chair Joe Longo at the Australian Financial Review Cyber Summit last month. This proactive approach is aimed at safeguarding not only corporate data but also shareholder value and public trust.

The growing cybersecurity threat

Malicious actors, ranging from nation-state hackers to cybercriminal syndicates, constantly evolve their tactics to breach organisational defences. The consequences of such breaches can be catastrophic, causing financial losses, reputational damage, and, in some cases, even endangering national security.

In this landscape, ASIC recognises that cybersecurity is no longer solely an IT issue but a critical aspect of corporate governance as cybersecurity breaches can result from poor decision-making, insufficient investment in security measures, or a lack of awareness at the board and executive levels.

ASIC's Regulatory Shift

ASIC has traditionally been associated with financial regulation, but it is now expanding its focus to address the cybersecurity risks that businesses face. The regulatory body is leveraging its authority to ensure that boards and executives take their cybersecurity responsibilities seriously.

Key Initiatives by ASIC

  • Strengthening Reporting Requirements: ASIC has introduced new regulations that compel companies to disclose material cybersecurity incidents and risks to investors and the broader public. This increased transparency ensures that stakeholders are informed about the cybersecurity posture of the organisations they invest in.

  • Focus on Risk Management: ASIC is encouraging organisations to implement robust risk management frameworks that prioritise cybersecurity. Boards and executives are being urged to integrate cybersecurity into their overall risk management strategy.

  • Director and Officer Accountability: ASIC is examining the role of directors and officers in managing cybersecurity risks. Those who fail to meet their obligations could face legal action, including penalties and disqualification from corporate positions.

  • Cybersecurity Resilience Assessments: ASIC is promoting regular cybersecurity assessments and audits to identify vulnerabilities and weaknesses within organisations. This proactive approach aims to prevent cyber incidents rather than just responding to them.

Benefits of ASIC's Approach

ASIC's proactive stance toward holding boards and executives accountable for cybersecurity failures offers several benefits:

  • Improved Cybersecurity Posture: Organisations are incentivised to enhance their cybersecurity measures, reducing the likelihood of breaches and associated financial and reputational damage.

  • Enhanced Shareholder Confidence: Increased transparency and accountability help build shareholder trust, leading to a more stable investment environment.

  • Deterrence of Cybercriminals: When boards and executives are held responsible for cybersecurity failures, it sends a strong signal to cybercriminals that Australian businesses are not easy targets.

  • National Security: Protecting critical infrastructure and sensitive information is essential for national security, and ASIC's approach contributes to this goal.

Implications for Directors & Officers

Directors and Officers are not expected to understand the technical ins and outs of cyber-attacks or the finer details of their company’s IT systems and hardware. However, they must know how to govern privacy and cyber-security risks. Here are three key areas to consider:

1. Understanding the Threat Landscape

Acquiring a comprehensive grasp of the threat landscape within the organisation enables boards and executives to grasp the potential repercussions of cyber risks.

2. Maintain Robust Privacy and Cybersecurity Compliance Protocols

3. Implement Core Components of a Cybersecurity Program

Leveraging the Australian Cyber Security Centre's Essential Eight Maturity Model serves as an effective approach to mitigating cyber threats.

With you all the way

Recognising the interconnectedness of cybersecurity and corporate governance, ASIC's proactive approach to holding boards and executives accountable for cybersecurity failures is a significant step toward creating a more secure business environment in Australia.  

To find out how Honan can help you manage these risks, reach out directly to discuss your business’s unique needs.

Trent Woodward

Head of Client Service (SA)

Trent.woodward@honan.com.au  

Return to listings
Melbourne
Sydney
Brisbane
Perth
Adelaide
Darwin
Newcastle
Auckland
Singapore
Kuala Lumpur
Corporate Risk
Biotech & Life ScienceConstructionFinancial InstitutionsFood & BeverageMedical & Health ServicesMining & Energy
Professional ServicesRetailSportStart-UpsTechnologyTransport & Logistics
Employee Benefits
Wellness Solutions
Strata & Real Estate
Strata at HonanReal Estate at Honan
Important Documents

Honan Document Library

New Zealand Financial Advice Disclosure

Financial Hardship Policy

Supporting Vulnerable Customers Policy

Domestic & Family Violence Policy

NIBA Code of Practice

General Code of Practice

Financial Service Guide

Honan Document Library

New Zealand Financial Advice Disclosure

Financial Hardship Policy

Supporting Vulnerable Customers Policy

Domestic & Family Violence Policy

NIBA Code of Practice

General Code of Practice

Financial Service Guide

Privacy Policy
Feedback and Complaints Policy
Terms of Use

Honan Insurance Group Pty Ltd (Australian Financial Services Licence no. 246749, ABN67 005 372 396) is an insurance broker acting as agent for insureds and intending insureds. Honan is not an insurer.  The information on this website has been prepared without taking into account your objectives, financial situation or needs.  Any advice provided on this website is general advice only.  Before making a decision to purchase an insurance policy, please read the relevant Product Disclosure Statement to make sure the policy is right for you.  Insurance cover is subject to policy terms and conditions including policy limits and exclusions. 

From time to time, Honan may act under a binder arrangement with an insurer.  When this happens, Honan is authorised by the insurer to issue certain insurance policies on the insurer’s behalf.  When Honan does this it acts as the agent for the insurer and not for any insured person.  We will let you know when we are acting under a binder.  You can view the Product Disclosure Statements for the insurance policies we issue under a binder arrangement here.  A copy of the Target Market Determination for each policy is also available on this website.

Copyright 2024 Honan Insurance Group Pty Ltd ABN: 67 005 372 396. All rights reserved.

Website Designed & Developed by Splashbox