Federal Court finds RI Advice failed to manage cybersecurity risks in landmark decision

on May 4, 2022 | Topic: Legal

In an Australian first, the Federal Court has found that financial services firm RI Advice breached its licence obligations by failing to implement adequate risk management systems to manage cybersecurity threats.

This was the first case brought by the Australian Securities and Investments Commission (ASIC) against any licensee and, consequently, sets a new legal standard for how financial service providers should seek to execute cybersecurity management plans. The company has been ordered by the court to pay AU$750,000 toward ASIC’s costs, and to engage a cybersecurity expert within the next month to advise and assist RI Advice’s authorised representative network.

The decision comes after a significant number of cyber incidents affected authorised representatives of RI Advice between June 2014 and May 2020, leading ASIC to file against the company for breach of its licence obligations.

In a statement, ASIC detailed that one of the incidents involved an unknown malicious agent who, through a brute force attack, had access to an authorised representative’s file server from December 2017 to April 2018 before being detected. ASIC claimed that this resulted in the “potential compromise of confidential and sensitive

Read More: https://www.zdnet.com/article/federal-court-finds-ri-advice-failed-to-manage-cybersecurity-risks-in-landmark-decision/#ftag=RSSbaffb68