ASIC comes for IOOF subsidiary over inadequate cyber security infrastructure

ASIC comes for IOOF subsidiary over inadequate cyber security infrastructure

The Australian Securities and Investment Commission (ASIC) has launched legal proceedings against a subsidiary of IOOF (ASX: IFL) for failing to have adequate cyber security systems.

The case, now in the Federal Court, follows a number of alleged cyber breach incidents at authorised representatives of RI Advice Group, an Australian Financial Services (AFS) licence holder.

These breaches include an alleged alleged cyber-attack at Frontier Financial Group.

ASIC alleges that Frontier was subject to a "brute force" attack whereby a malicious user successfully gained remote access to Frontier's server and spent more than 155 hours logged into the server, which contained sensitive client information including identification documents.

Further, the watchdog alleged RI failed to have implemented adequate policies, systems and resources which were reasonably appropriate to manage risk in respect of cybersecurity and cyber resilience.

ASIC is seeking declarations that RI contravened the Corporations Act, that it pay a civil penalty, and compliance orders that its systems can adequately stand up to cyber-attacks.

IOOF says its subsidiary has been upgrading its systems following the alleged cyber breaches.

"The allegations by ASIC are very general but appear to relate to a small number of cyber-attacks of a nature not uncommonly faced by Australian businesses, on a small number of authorised representatives of RI Advice," says IOOF.

"In most instances, no client data would appear to have been compromised.

"RI Advice has worked, for some time, with its Authorised Representatives and third party experts to improve its cyber security and resilience."

According to Julian Challingsworth, the co-CEO of listed cybersecurity firm Pure Security, the proceedings brought by ASIC are a ground-breaking development.

"A regulator taking action of this nature is a first and sends a strong message about enforcement to Australian business," says Challingsworth.

"No longer can cybersecurity be regarded just an IT and compliance issue, it has now become a reputation and brand issue.

"This action has elevated cybersecurity to requiring the full attention of the CEO, Board and CFO. This may also be the precursor to the Australian Government introducing director's liabilities for cyber security."

Shares in IOOF are down 2.68 per cent to $4.35 per share at 12.21pm AEST.

Never miss a news update, subscribe here. Follow us on Facebook, LinkedIn, Instagram and Twitter.

Business News Australia

Get our daily business news

Sign up to our free email news updates.

 
Whitefox Recruitment founder Luke Hemmings making strides as a careers leader
Partner Content
After relocating his Canberra-founded company Whitefox Recruitment to the Gold Coast la...
Whitefox Recruitment
Advertisement

Related Stories

ASIC secures its first court win for greenwashing against US giant Vanguard

ASIC secures its first court win for greenwashing against US giant Vanguard

The Australian corporate watchdog has caught out one of the world&r...

Medicinal cannabis group Althea shaves $1.5m from its cost base through staff cutbacks

Medicinal cannabis group Althea shaves $1.5m from its cost base through staff cutbacks

Australian-founded medicinal cannabis company Althea Group (ASX: AG...

Charter Hall snares 15pc stake in Hotel Property Investments for $97m from 360 Capital

Charter Hall snares 15pc stake in Hotel Property Investments for $97m from 360 Capital

Listed funds manager 360 Capital Group (ASX: TGP) has offloaded its...

Lendlease gains approval for $1.7b transformation of Queen Victoria Market precinct

Lendlease gains approval for $1.7b transformation of Queen Victoria Market precinct

Australian development giant Lendlease Group (ASX: LLC) has been gr...