Protecting personal information continues to grow as an essential function of businesses everywhere – particularly when it comes to sensitive information in sectors such as the health industry.
According to the World Economic Forum, cyber risk has been recognised as “the most immediate and financially material sustainability risk that organisations face today”. A somewhat stark statement.
The Australian Securities and Investments Commission (ASIC) has recently warned directors that a failure to adequately address cyber security risk or comply with relevant disclosure and reporting requirements may be a breach of their directors' duties. This inevitably impacts medical and health practice owners and managers who will be expected to remain proactive about cybersecurity and ensure their systems and processes can appropriately deal with and respond to a cyber-attack.
There are a number of factors at play here. Cyber security attacks are becoming more sophisticated, with high-profile cybersecurity incidents taking place. There has also been a recent Federal Court of Australia decision in which a business and its directors in the financial services sector were found to have breached their obligations after failing to adequately manage its cybersecurity risks. The business was ordered to pay $750,000 towards ASIC’s costs. You can have a closer look at ASIC’s article here: Be prepared | ASIC - Australian Securities and Investments Commission.
As you can see, it’s a clear message from the corporate regulator – “Be prepared”.
According to ASIC, no business is too small for a cyber security strategy.
Practices are routinely collecting, storing, utilising and disclosing personal information. In light of the heightened attention and elaborate cyber-attacks, globally, it would be a very good time to look at your systems and processes and ask yourself:
Hopefully you are confident the answer to each of these questions is ‘yes’.
Cyber risk is, however, an area that continues to evolve, and all businesses and their directors will need to be on a journey of continuous improvement when it comes to cyber security.
ASIC have published resources on Cyber resilience good practices to "enable organisations to operate highly adaptive and responsive cyber resilience good practices" that would need to be tailored to the company with the assistance of technically-expert, internal or external guidance. To access, click here or visit https://asic.gov.au/regulatory-resources/digital-transformation/cyber-resilience/cyber-resilience-good-practices/
If you have questions, or would like more information about how these recent developments could affect your business, please call 1800 867 113 or to organise a confidential discussion with our data protection and privacy law specialists at a time that suits you, click here.
Justin Fung is a lawyer and the Head of Commercial and Corporate in our Avant Law team. Justin has over 15 years’ experience advising in commercial, corporate, risk, compliance, governance, regulatory enforcement and dispute resolution and advises clients in the private and public sectors.
He was previously General Counsel of a national allied health group of companies and held Group and Divisional Head of Legal roles in a major ASX-listed health company, whose operations covered medical and dental centres, allied health, pathology, diagnostic imaging, assisted reproductive technologies, day surgeries and hospitals. Prior to these in-house legal roles, Justin was an Executive Counsel with the global law firm Herbert Smith Freehills where he practiced for over 10 years.
Disclaimer: The information in this article is general in nature and is current to 15 July. It does not take into account individual circumstances and is not professional legal, financial or taxation advice. Avant Law provides legal services. It does not provide taxation or financial advisory services.
Liability limited by a scheme approved under Professional Standards Legislation. Legal practitioners employed by Avant Law Pty Limited are members of the scheme.