Company Directors Obligations
Cyber security is now a key duty for company directors, not just IT staff. Directors must actively manage cyber risks to protect their companies from financial, reputational, and legal damage. Understanding these responsibilities is vital for building a strong cyber defense.

Case Study:
While pinpointing specific instances of directors being prosecuted solely for cyber security negligence can be tricky, the significant RI Advice Group case clearly illustrates regulatory action concerning inadequate cyber security practices, which directly reflects on directors' responsibilities.
The breakdown:
Company - RI Advice Group:
The Australian Securities & Investments Commission (ASIC) took RI Advice, an Australian Financial Services Licence holder, to court for failing to maintain adequate cyber security systems and controls.
This case emphasised the responsibilities of companies, and consequently, their directors, to manage cyber security risks.
The Federal Court found that RI Advice breached the Corporations Act by failing to implement sufficient cyber security measures.
Key issues included:
- Failure to implement appropriate cyber security controls.
- Failure to adequately respond to and mitigate known cyber security risks.
- The fact that they had knowledge of cyber attacks on their systems and did not take sufficient action.
This case demonstrates that Australian regulators are actively pursuing action against companies that do not take cyber security seriously.
This is important because, whilst individual directors were not singled out, this case sets a precedent that directors have a duty of care regarding cyber security.
Key takeaways:
This case underscores that directors are responsible for ensuring their organisations have robust cyber security measures in place.
Regulators like ASIC are actively monitoring and taking action against companies with inadequate cyber security practices.
The focus is on the company's overall governance and risk management, which are within the board of directors' remit.
It's important to understand that the legal landscape around cyber security is evolving. While direct prosecutions of individual directors may be less common, their responsibilities are clear, and regulatory bodies are increasingly focused on holding companies accountable.