Corporate Regulation

In its Cyber Resilience Report (Report 429: Cyber Resilience – Health Check), the Australian Securities and Investments Commission (ASIC) clarified that the obligation on company directors and officers to discharge their duty with care and diligence extends to cyber security and resilience.

A director’s duty now includes an obligation to ensure appropriate commitment to cyber resilience in an organisation’s corporate governance regime. Directors face personal liability for failing to foster appropriate cyber resilience in their company.

While the business impacts and risks associated with cyber-incidents continue to grow, it can be difficult for directors and the Board to know where to start in discharging their cyber resilience duties.

ASIC has indicated that it expects directors to specifically consider:

  1. How cyber risk impacts on directors’ duties and annual director report disclosure requirements;
  2. Whether they have appropriate Board-level oversight of cyber risks and cyber resilience; and
  3. Whether a consideration of cyber risks has been incorporated into the organisation’s governance and risk management practices, controls and measures for managing those risks.


Crisis Management

William Roberts’ multi-disciplined 24/7 crisis team can mobilise immediately to respond to a company’s cybersecurity breach, offering support and fitting into the company’s crisis management team. As the crisis unfolds beyond the initial response, William Roberts can work to build a more detailed assessment and management process, undertake forensic investigations and advise on how to engage with regulators, potential claimants or defendants. Once the worst has passed, we can work with the company and its Board to identify key learnings and longer-term responses.

William Roberts Lawyers can also assist companies by acting as the core custodian of the facts under privilege; ensuring that the right information is available to decision makers; supporting any internal investigations; providing legal advice to the Board and Management, including on any legal remedies available; and liaising with regulators.