On 5 May 2022, the Federal Court delivered its penalty judgment in the RI Advice proceedings, which were commenced by ASIC for alleged breaches of its obligations as a financial services licensee under section 912A of the Corporations Act 2001 (Cth) following numerous cyber incidents. The Court made declarations of contraventions and ordered RI Advice to conduct a cybersecurity audit and to pay a contribution of $750,000 towards ASIC’s costs.

ASIC has also released its new Corporate Plan this month with cybersecurity risks at the forefront. As ASIC pursues its Corporate Plan, Kieran Doyle, Cain Jackson, Jessica Chapman and Samantha Younane explain why this is a challenging area for directors and officers – both due to the absence of regulatory or judicial guidance in respect of minimum cybersecurity standards as well as the ‘stepping stone’ approach ASIC may use to hold directors liable.

Read the update in full below.