Close Menu
ABL Logo
Link to the LinkedIn.com Link to the Facebook.com Link to the Twitter.com
ABL
Menu
Close
Home Insights & news Determining what’s “reasonable” in cyber risk mitigation is easy in hindsight
Insights Media

Determining what’s “reasonable” in cyber risk mitigation is easy in hindsight

30 May 2022
Corporate and M&A
Lock on keyboard

In an article published in today’s edition of The Australian, partner Jonathan Wenig argues that a decision handed down by the Federal Court this month – the first of its kind in Australia – offers emphasis but little definition into just how much mitigation will be considered reasonable by our regulators.

ASIC took action against RI Advice Group following a series of nine cyber incidents, the most significant of which involved an unknown malicious agent gaining unauthorised access to an authorised representative’s file server, undetected, from December 2017 to April 2018. In the Federal Court, Justice Rofe accepted ASIC’s submission that the firm, which is regulated under the Australian Financial Services Licensing regime, had failed to do all it could/should to ensure its financial services were provided “efficiently, honestly and fairly”.

“While the landmark decision reinforces the multi-layered risks for businesses that fail to adopt appropriate cyber resilience measures, what’s ‘reasonable’ is being assessed in relation to a generalised yardstick that fails to take account of the real-world complexity (and diversity) of sound sector appropriate, company appropriate decision-making. Let alone the real-world, real-time ingenuity of the cyber bad guys to stay a step ahead,” Jonathan writes.

“There’s a marked parallel between the regulatory framework for AFSL holders and the legislative framework that underpins director duties in law. Both sets of duties are defined in overarching, generalised terms, leaving licensees and directors to discern the specifics around what is an appropriate response to cyber and a host of other risks.

“There’s something in the generalised nature of the RI Advice decision that adds further question marks to the confused debate around corporate responsibility in relation to climate change mitigation and climate reporting. The bottom line is that both cyber and climate risk are relevant to everyone but to very different degrees, and the regulatory choice in both instances is whether to be prescriptive or impose a ‘reasonable person in the circumstances’ test.

“The law does the latter. And while that allows for context, in relation to something like cyber it runs the risk of ending up looking like strict liability – because you only judge whether something was reasonable in the circumstances based on whether it worked - this is where ASIC’s litigate now, ask questions later, approach could be refined.”

To read Jonathan’s article in full, click here.

Jonathan’s article was prepared with the assistance of Michelle Lau.

Jonathan Wenig people page
Michelle Lau people
Jonathan Wenig , Michelle Lau
If you have any questions about the information contained in this article, please contact our team below.
Contact our team

Read next

Prev Next
ML MG 1
Insights Article

Lives in the Law Podcast – Mark Leibler in conversation with Michael Green

Senior partner Mark Leibler is the latest guest in a series of interviews about Victoria’s legal ecosystem, which has previously featured former Governor Linda Dessau, former justice Michael Kirby and author Helen Garner.
19 April 2024
Best Lawyers 2025 2
News Announcement

ABL listed in 2025 Best Lawyers® International guide

In this year’s Best Lawyers® International guide, 50 Arnold Bloch Leibler lawyers have been recognised across 27 areas of practice.
18 April 2024
iStock 1432666805
Insights Media

Troubling prospect to allow merger changes to shield ACCC from court scrutiny

In an article published today on the main opinion page of the Australian Financial Review, competition partners Zaven Mardirossian and Gabriel Sakkal argue that a feature of the proposed merger reforms that has slid under the radar to date is the ACCC’s unprecedented attempt to push for changes that will shield its decision-making from the scrutiny of our court system.
15 April 2024
iStock 105698519
News Deals & matters

ABL advises founder Matt Tripp on betr's landmark merger with BlueBet

Arnold Bloch Leibler has advised online wagering business betr on its merger with ASX-listed BlueBet.
11 April 2024
The case for employee share schemes v2
News Media

No medals for Australia in inaugural survey of employee share schemes

The first global survey of employee share schemes has found Australia lagging well behind the US and advanced economies of Europe, and also New Zealand.
11 April 2024
iStock 1387945043
News Deals & matters

ABL advises Honey Insurance on the third-largest Series A funding round ever recorded in Australian tech

Arnold Bloch Leibler has acted for Honey Insurance on its $108 million Series A funding round – the third-largest on record for an Australian tech company.
9 April 2024
iStock 493082328
News Deals & matters

ABL advises Alceon on investment in Boss Engineering

Arnold Bloch Leibler has advised private equity and investment management firm, Alceon Private Equity, on its acquisition of a 50% interest in agricultural equipment manufacturer, Boss Engineering.
9 April 2024
ABL WEBSITE IMAGE SIZE 7
Insights Media

All pop and no fizz for Pepsi – partner Shaun Cartoon explains federal court decision on SKY Business

In a segment broadcast on last Sunday’s edition of Business Weekend, tax partner Shaun Cartoon explained some of the finer details of a landmark ruling by the federal court late last year that Schweppes Australia, a company contracted to provide bottling services for the US-based PepsiCo group, paid royalties for its exclusive bottling rights to the PepsiCo Group, triggering withholding tax, or in the alternative, the diverted profits tax.
2 April 2024