Readers may recall a short article that was published in our Corporate and Commercial newsletter on Cyber Security which drew attention to the steps that can be taken in order to assist in the prevention of cyber-attacks (please click here to read this article). Further to that article, ASIC has recently published a report on cyber resilience which is intended to help regulated organisations improve their ability to prepare for and respond to cyber-attacks.
Regulated organisations have legal obligations in relation to cyber risk management practices. For example, Australian Financial Services Licensees need to comply with such obligations, so the report is particularly relevant to them. The report, however, is appropriate reading for anybody involved in risk management within their organisation and should be taken into account when considering cyber-resistance and resilience.
The report is particularly helpful in that it contains a list of health check questions. We would recommend that all businesses read through those questions and answer them as best they can. If those questions identify any material risks, then steps should be taken to deal with those risks as soon as possible.
Cyber security is not limited to infiltration by international crime groups or malicious cyber hackers. Significant proportions of cyber security incidents are related to conduct by employees, ex-employees or individuals with whom your business has had dealings in the past. This reality drives home the importance of ensuring that your systems are properly protected.
We can certainly assist you with policies and documentation that deal with the threats. Similarly, if cyber-attacks occur, we are also able to advise in relation to any legal remedies that may be available to you.
Our strong view, however, is that prevention is far better than a cure. Accordingly, a close review of the ASIC report (which can be found at www.asic.gov.au/regulatory-resources/find-a-document/reports/rep-429-cyber-resilience-health-check) and of the checklist issued by the Australian Signals Directorate within the Department of Defence (which can be found at http://www.asd.gov.au/publications/protect/top_4_mitigations.htm) is highly recommended.