Category: Insights

Subrogation

Did you know: When either the insurer or the insured commences proceedings in a recovery action that involves subrogation, they are obligated to protect the rights of the other party.

 Subrogation is defined as the “substitution of one person or group by another in respect of a debt or insurance claim accompanied by the transfer of any associated rights and duties”. Typically, it is the insurer who indemnifies the insured and then refers the matter off to a panel firm (hopefully William Roberts) to commence recovery. However, what happens to this right of subrogation if the insured jumps the gun and commences their own proceedings in relation to an indemnified event?

 Simply speaking, if an insured has commenced their own recovery proceedings in relation to subrogated losses, the insurer has the ability to take over the conduct of those proceedings, including having the matter referred to their preferred legal provider. However, neither party should prejudice each other’s right to recover. That means the insured cannot issue proceedings that prejudice the right of the insurer by only pursuing damages over and above the amount that has already been compensated under the policy. So while the insured can settle with a defendant for only its uninsured losses, it cannot prejudice the right of the insurer to proceed to recover its indemnified loss under the policy. Similar obligations apply to the insurer.

 A contract of insurance involves a requirement for the parties to act in good faith. If the insured fails to have proper regard to the interests of the insurer, and by doing so prejudices the insurer’s interests, the insurer is entitled to make a claim for damages (see Yorkshire Insurance Co. Ltd v Nisbet Shipping Co Ltd [1962] 2 QB 330; Broadlands Properties Ltd v Guardian Assurance Co Ltd (1984) 3 ANZ Ins Cas 60-552). An insured is under a general duty not to engage in any conduct that would prejudice the subrogation rights of the insurer, even in the absence of an express term to that effect in the insurance policy. If the insured’s actions mean that the insurer is unable to pursue a defendant for the sums that it has paid to the insured owing to the insured’s conduct, it follows that the insurer has an actionable claim for breach of contract against the insured directly.

 Accordingly, if you come across an insured who has commenced their own recovery proceedings in relation to subrogated loss, it is important that you urgently put them on notice of the insurer’s subrogated interest in the matter, including providing them with a subrogation agreement, and refer the matter to a panel firm as soon as possible. William Roberts has assisted on many occasions with the drafting of specific subrogation agreements for individual circumstances. Should you come across a matter like this, please do not hesitate to reach out to our office for assistance.

 About me (Luca Nuzzo) – I have been an insurance litigation lawyer for 4 years and am an Associate in William Roberts’ Victorian team. I am assisting in the overseeing of the non-pay recovery project with one of our major clients, which has seen a significant uptick in the recovery of funds for the insurer.  When not at work, you can usually find me organising my fantasy AFL team for the upcoming week (a coach’s job is never done) or tending to my growing veggie garden.

WR Insurance Bulletins

Welcome to William Roberts’ Insurance bulletins, where we share our thoughts on relevant or interesting legal issues.

Please click on the relevant article to read more

Calderbank OffersDid you know – The principles for when offers can be relied upon to obtain a cost advantage were first outlined in the case of Calderbank v Calderbank (1975) 3 ALL ER 333, hence the term “Calderbank-offer”.   The critical question the Court will ask when considering a Calderbank-offer is whether the rejection of the offer was unreasonable in the circumstances.

Dual Insurance Did you know: Subrogated recovery against a third party isn’t your only potential recovery path. There may be another insurance policy that covers your insured for their loss. In other words, there may be dual insurance!

Legal Professional Privilege – The term “privileged” is often thrown around and slapped on the top of letters and emails.  But do you understand how legal professional privilege applies, and when it is appropriate to use?

The curious case of the snail in the bottle Did you know? One of the pivotal moments in tort law history features a decomposed snail found in a bottle, which was the subject of the dispute in Donoghue v Stevenson [1932] AC 562.

Negligence vs Nuisance – In certain situations, both the law of negligence and the law of nuisance may apply to damages caused by one party to another. Have you ever wondered what is the difference between the law of negligence and the law of nuisance?

How to determine loss if a supervening event causes further damageDid you know: Supervening events do not affect your recovery of damages!

No hire car charges for unroadworthy vehicles and unlicensed drivers Did you know: You can (and should) oppose hire car or loss of income claims where the damaged third party vehicle was (i) unroadworthy, or (ii) illegally modified, or (iii) where the third party driver was unlicensed.

SubrogationDid you know: When either the insurer or the insured commences proceedings in a recovery action that involves subrogation, they are obligated to protect the rights of the other party.

 Please do not hesitate to contact Brian Silva (02 9552 2111), Fred van Reede (07 3894 0780) or any member of our team should you have any questions.

No hire car charges for unroadworthy vehicles and unlicensed drivers

Did you know: You can (and should) oppose hire car or loss of income claims where the damaged third party vehicle was (i) unroadworthy, or (ii) illegally modified, or (iii) where the third party driver was unlicensed.

Following the High Court’s judgment in Arsalan v Rixon (2021) 274 CLR 606, our firm was involved in two matters that went on appeal to the Victorian Supreme Court.

Yehia v Williams [2022] VSC 197 involved a claim for hire car charges incurred after a heavily modified Holden was allegedly written-off in a motor vehicle collision. The Magistrate accepted our arguments that the damaged Holden was repairable, and that as the Holden could not have been legally driven on Victorian roads, there was no consequential loss of amenity which could ground a claim for hire car charges. The Plaintiff unsuccessfully appealed the Magistrate’s decision, with the Victorian Supreme Court stating:

The purpose of damages is to put the Plaintiff in the position he or she would have been in, if not for the Defendant’s negligence.  At the time of the collision, Mr Yehia was lawfully permitted to admire his car and show it to others, but under the Regulations, he was not permitted to use it on the road.  I accept … that to award Mr Yehia the cost of the replacement car would put him in a better position than he was in at the time of the collision.

Taleb v Rijal [2022] VSC 259 followed on the heels of Yehia and (similarly) involved a claim for hire car charges incurred when Mr Taleb’s vehicle was written-off in a collision. The insured reported to the claims officer that Mr Taleb had produced a blue licence (Victorian licences are green). Subpoenaed records from the (now) Department of Transport and cross-examination revealed that Mr Taleb had lost his Victorian licence and was unable to be relicensed without a Court order, but that he had obtained a South Australian licence without declaring his driving record to SA authorities. The Magistrate awarded nominal damages of $1,000 for loss of use, finding that Mr Taleb was entitled to a hire car but had failed to prove the sum of his loss. Mr Taleb appealed the Magistrate’s decision on the quantum and we cross-appealed the finding that Mr Taleb was entitled to any hire car at all. Having already delivered the Yehia decision, the Victorian Supreme Court dismissed Mr Taleb’s appeal, upheld our cross-appeal and found as follows:

 I recently considered similar submissions in the matter of Yehia v Williams… In this case, the illegality is different.  It relates to the driver of the damaged vehicle, not the vehicle itself.  Notwithstanding this difference, having considered the submissions of both parties, I am satisfied the result is the same.  Mr Taleb should not be awarded damages for a replacement car that he was not lawfully permitted to drive.  Unlike Mr Yehia, who was denied a claim on the basis that it would have put him in a better position, I consider Mr Taleb should not be awarded car hire costs as the Court will not be a vessel for such illegality.

 Importantly, the illegality element did not prevent the underlying collision damage itself from being recovered (i.e. cost of repairs or total loss values of the vehicles) – while it could be a significant additional element if there is a liability dispute or any allegation that the illegal modifications, unroadworthiness, or lack of licence caused or contributed to the collision, in circumstances where an insured is plainly liable for the collision it is only the consequential loss (hire car charges or loss of income, for example) which can be opposed by reference to the decisions in Yehia or Taleb.

About me (Stuart Proposch) – I have been an insurance litigation lawyer for 6 years and am a Senior Associate in William Roberts’ Victorian team. When not at work, you can usually find me tinkering with my (legally) modified Mazda MX5, riding my (unmodified) bicycle with family and friends, or on the mixed netball court.

How to determine loss if a supervening event causes further damage

Did you know: Supervening events do not affect your recovery of damages!

Consider the following examples:

A person scratches a car, but before it is repaired the car is set on fire by another’s negligent act.

A homeowner who has a house built and after close examination discovers that it comprises of structural defects.  The house requires substantial repairs and during legal proceedings against the builder, an earthquake strikes, destroying the house along with neighbouring properties.

A ship that is negligently struck at sea by another, only to then be sunk by a wartime naval mine before repairs can be affected.

The Presumed Rule

 It was confirmed in Dimond v Lovell [2002] 1 AC 384, that the measure of loss is the expenditure required to put the subject property back into the same state as it was in before the accident. 

In the car example, the loss is suffered as soon as the car is damaged (the scratch).  If the car was destroyed by fire the next day by the negligence of another, the second wrongdoer would only have to pay damages equivalent to the reduced value of the scratched car.  The person who scratched the car remains liable for the estimated cost of repairing the damage they caused.

In the house example, the builder remains liable for the cost of rectifying the defects, and the owner is still entitled to recover the cost of rectifications from the builder, even if rectification work cannot be performed.

In the ship example, even though the ship is not recoverable and will never be repaired, the wrongdoer of the first incident is still liable for the damages they caused.  Therefore, the owner will still be able to claim the cost of repairs to the ship.

In summary, a subsequent event causing further damage or destruction to the property does not release the original wrongdoer of liability.

Is there an obligation to repair?

 Using the car example, the owner is entitled to recover the cost of repairs against the person who scratched the car.  The owner of the vehicle is not obligated to follow through with repairing the scratch.  The owner may repair the vehicle themselves.  The owner could choose to not have the vehicle repaired at all.  It may be given away or sold off for its post-accident value.

The law of damages does not interfere with the owner’s freedom of choice in this regard.

About me (Will Sas) – I act for insurance companies involved in liability, quantum and contract disputes.  I am an Associate in the William Roberts’ Queensland team, and responsible for Queensland, South Australia and Western Australia litigation.

Negligence vs Nuisance

In certain situations, both the law of negligence and the law of nuisance may apply to damages caused by one party to another. Have you ever wondered what is the difference between the law of negligence and the law of nuisance?

Negligence

 Negligence has been a long-established principle often used in the recovery of damages caused by an act or omission.

To succeed in a claim in negligence, the following elements must be fulfilled:

  1. A duty of care must exist between the parties, namely that one party has a relationship and legal duty to take reasonable care (for example, being an owner of a house owing a duty to your neighbours not to cause damage to their property).
  2. A breach of this duty of care must have occurred (using the house example, if the house owner started a fire at their property without proper precautions preventing its spread, and the fire then spreading to the neighbour’s property).
  3. There must have been damage caused as a result of the breach of duty (using the above example, that the fire that spread to the neighbour damaged the neighbour’s property).

The relevant considerations in establishing the breach of duty of care are the exact precautions that a reasonable person would take, and the knowledge that the fire would spread if the precautions are not taken.

Nuisance

Nuisance on the other hand balances the relationship between the right of an occupier to use their land freely, and that of any ‘neighbour’ to enjoy the use of their land without interference.  The elements required for a nuisance claim are that:

  1. One party owns or leases land.
  2. A party performs an act that interferes with the owner’s use and enjoyment of the land.
  3. The interference with the use or enjoyment was substantial and unreasonable.

It is the nature of the interference on the land that is the crux and is assessed on the basis of being substantial and unreasonable.

While nuisance usually involves direct neighbours, the focus is on the interest in land and interference, thus should not be limited by the proximity of the parties as long as the elements are fulfilled.

Using the above fire example, the neighbour will have a claim in nuisance for the spread of the fire to their property as there was an act by the neighbour who started the fire, and the fire caused an interference to the property that was substantial and unreasonable.

 The principles in practice

 The difference between the principles is that negligence focuses on the duty of care and its subsequent breach causing damage, while nuisance focuses on the act that interferes with the use or enjoyment of the land between the parties.

Nuisance can arise where no duty of care exists – one simply needs to establish that the parties were parties with interests in land and that there was an interference that was substantial and unreasonable.

This makes nuisance a useful tool in certain areas where negligence might fall short.  For example:

  • A duty of care may not be easy to establish, especially as it is required that it is reasonably foreseeable that the action or omission could cause injury, and a reasonable person in the same position would not act the same way.
  • In certain jurisdictions, there may be legislation increasing the threshold to establish a duty of care. For example, in NSW, section 42 of the Civil Liabilities Act 2002 prescribes that to establish a duty of care on public authorities, certain factors such as the financial and resource constraints must be considered, and the authority may rely on evidence of its compliance with the general procedures and applicable standards for the exercise of its functions as evidence of the proper exercise of its functions.

Using nuisance, a plaintiff may overcome these hurdles and find it easier to recover damages caused to their property.

In summary, the basis of the liability in nuisance is on the creation of the state of affairs that resulted in the substantial and unreasonable interference with the Plaintiff’s property. This is distinguished from the elements of a duty of care in negligence, where a duty of care must be established.

About me (Vincent Hui) – I am an Associate in the William Roberts’ Sydney Insurance Team with experience in motor vehicle and property recovery litigation across the Sydney Local Court and District Court. Having grown up in Singapore, I am bilingual in English and Chinese, and in my spare time I enjoy playing badminton as my competitive fix.

The curious case of the snail in the bottle

Did you know? One of the pivotal moments in tort law history features a decomposed snail found in a bottle, which was the subject of the dispute in Donoghue v Stevenson [1932] AC 562.

Mrs Donoghue purchased a bottle of ginger beer from a café in Scotland.   After she drank the ginger beer she noticed a decomposed snail floating in the liquid.  This resulted in her contracting gastroenteritis.  She sued the manufacturer of the ginger beer, Mr Stevenson, for damages.  However, having no contractual relationship with the manufacturer, Mrs Donoghue had to rely on an action in negligence. The main issue that had to be determined was whether Mr Stevenson, as the manufacturer, owed a duty of care to Mrs Donoghue. At the time, there was no clear legal precedent on the duty of care owed by manufacturers to consumers.

The House of Lords found in favour of Mrs Donoghue, holding that Mr Stevenson did owe a duty of care to Mrs Donoghue. The Court established the “neighbour principle”, which holds that a person owes a duty of care to those closely and directly affected by their actions. This duty was famously articulated by Lord Atkin when he said:

“You must take reasonable care to avoid acts and omissions which you can reasonably foresee would be likely to injure […] persons who are so closely and directly affected by [your] act that [you] ought reasonably to have them in contemplation when [you] are directing [your] mind to the acts or omissions which are called in question. This standard of reasonable care creates a positive duty on a manufacturer, retailer, distributor or donor to exercise a standard of reasonable care for any injury which is reasonably foreseeable in respect of those goods.”

The decision in Donoghue v Stevenson established the legal framework for modern negligence law.   Also, the YouTube parody video is a must see

About me (Anjelica Whitelaw) – I have been an insurance litigation lawyer for nearly 2 years and I am an Associate in the William Roberts Lawyers’ New South Wales team. Outside of work, I advocate and fundraise for Make-A-Wish Australia so that seriously ill children can experience the power of a wish. When I’m not in the office, you can find me hosting fashion events or on stage at international pageants.

Legal Professional Privilege

The term “privileged” is often thrown around and slapped on the top of letters and emails.  But do you understand how legal professional privilege applies, and when it is appropriate to use?

Did you know: Legal Professional Privilege protects the disclosure of confidential communications or documents prepared by the client, their lawyer or another person, for the dominant purpose of:

  • the lawyer providing legal advice to the client; or
  • the provision of legal services relating to actual or anticipated legal proceedings to which the client is or may be a party.

 Relevantly to you as an insurer, privilege will apply where the document was created or commissioned by the insurer for the dominant purpose of provision to lawyers for the purpose of obtaining advice or for use in actual or anticipated legal proceedings.

Documents that privilege is commonly claimed over include:

  • Expert reports (including drafts)
  • Letters of instruction
  • Claim notes (or parts thereof)
  • Call recordings (including with experts)
  • Any other document that would be created by you, or others who you have engaged, as part of the claim process.

The “dominant purpose” is one that predominates over other purposes; i.e. the supreme purpose.

In determining what the dominant purpose is, a good starting point is to ask yourself what was the intended use or uses of the document? Was the document created or commissioned to ascertain liability, or was it created for the purpose of deciding whether to provide indemnity? These are the type of questions you need to consider when ascertaining whether you can claim privilege over a document.

The concept of obtaining legal advice is fairly wide and if a lawyer commissioned the document on your behalf, then your ability to claim privilege over it is a lot easier. However, privilege may not extend to internal legal advice provided within the business and so you should act prudently if providing advice or attempting to rely on privilege in that context.

Actual or anticipated legal proceedings does not necessarily mean that the commencement of proceedings be more probable than not, but there must be a real prospect of litigation. When legal proceedings are threatened in correspondence such as a letter of demand, upon receipt of the demand, it’s reasonable to infer that litigation is anticipated. Therefore, privilege should be asserted over documents prepared from that date onward.

If you have concerns about having to disclose a document, you can always instruct a lawyer to commission the document on your behalf. This is not a full proof method, but it is certainly less likely to be scrutinised than if you commissioned the document yourself.

About me (Georgia Wiadrowski) – I’ve spent the past four years as an insurance litigation lawyer in the William Roberts’ Victorian team. Outside of work, you’ll often find me enjoying bushwalking adventures or lending a hand in the family vineyard and winery.

Dual Insurance

Did you know: Subrogated recovery against a third party isn’t your only potential recovery path. There may be another insurance policy that covers your insured for their loss. In other words, there may be dual insurance!

Dual insurance exists where, at the time of the loss, two or more legally enforceable policies cover the same interest in the same subject matter against the same risk.

When determining whether the same interest has been insured, don’t worry about the nature of the claim made by the insured. Instead look at the straightforward question of whether two policies cover the same loss.

Where there is dual insurance, if you have indemnified your insured already, this gives you the right to seek contribution from the other insurer. Happy days!

There doesn’t have to be any similarity between the relevant insurance contracts regarding their general nature, or purpose, or the extent of the rights and obligations they create. What matters is simply that each contract is a contract of indemnity and covers the identical loss that the identical insured has sustained.

The right to contribution is:

… founded on concepts of fairness and justice… In this context, “natural justice”  requires that if “one of several persons has paid more than his proper share towards discharging a common obligation he is entitled to be recompensed by those who have not.” Burke v LFOT Pty Ltd [2002] HCA 17 at [22]

Examples of where they may be dual insurance include:

  1. Contract works – there are many parties to a project (Principal, head-contractor, sub-contractors, etc) and there are frequently a number of insurance policies floating around. Note: look carefully at whether there is a subrogated claim first;

 

  1. Motor accidents – where one or more of the parties were driving in the course of their employment;

 

  1. Fire claims.

And so – don’t write off recovery just yet. Have a think about whether there may be dual insurance!

 

About me (Brian Silva) – I lead our Insurance Team. I was born in the Turks and Caicos Islands (West Indies), come from a Sri Lankan background, but sadly despite that pedigree am not any good at cricket!

Calderbank Offers

Did you know – The principles for when offers can be relied upon to obtain a cost advantage were first outlined in the case of Calderbank v Calderbank (1975) 3 ALL ER 333, hence the term “Calderbank-offer”.   The critical question the Court will ask when considering a Calderbank-offer is whether the rejection of the offer was unreasonable in the circumstances. In assessing the “reasonableness” of an offer, the Court has set out the following essential elements of what should be included when a Calderbank offer is made:

  • The terms of settlement must be clear and it should be recorded that the offer is made as a “Calderbank offer”.
  • The offer must be genuine and set out your contention. An explanation must be given as to why the offer should be accepted. For example, in the case of a credit hire car claim, that the duration of hire is inconsistent with the repair duration.
  • It should be marked with the words “Without Prejudice Save As To Costs” (or something similar).  This means that the offer can be relied upon in Court when establishing which party will pay legal costs in a proceeding, but cannot be used by the other party to prove any concession or admission made in the offer.
  • It should record that indemnity costs will be applied for in the event a more favourable result is obtained.  This will allow an application being made, following the outcome of the hearing of the matter, for the other side to pay costs in certain jurisdictions above the normal scale costs (on an indemnity basis).
  • The time period open for acceptance of the offer must be noted and reasonable in the circumstances so as to allow the other party sufficient time to consider an acceptance of the offer.  The circumstances of each claim will determine how long a reasonable period would be, however in general a period of 14 days is reasonable within the context of a pre-litigation offer.

When I act for the party that is seeking a recovery, I usually end the offer with the paragraph “The offer is open for acceptance for a period of 14 days.  Should the offer not be accepted and my client obtains a judgment more favourable than the offer being made, then this correspondence will be used on the issue of costs with an application being made for indemnity costs or costs on a solicitor and client basis from the date of this correspondence.  Such application will be in accordance with the principles applied in Calderbank – v – Calderbank (1975) 3 ALL ER 333.”

When I act for the party who has to pay the other party’s claim, I end the offer with the paragraph “The offer is open for acceptance for a period of 14 days.  Should the offer not be accepted and your client obtains a judgment less favourable than the offer being made, then this correspondence will be used on the issue of costs with an application being made for indemnity costs or costs on a solicitor and client basis from the date of this correspondence.  Such application will be in accordance with the principles applied in Calderbank – v – Calderbank (1975) 3 ALL ER 333.”

 

About me (Fred van Reede) – I’ve been an insurance litigation lawyer for more than 20 years and I’m responsible for the William Roberts team that does all Queensland, South Australia and Western Australia matters.

‘Reliance on Third-Party Providers is Always a Risk’: ASIC’s Renewed Focus on Cybersecurity for Financial Institutions

Major cyber-attacks against Medibank and Optus in 2022 pushed cyber security to the forefront for many Australian businesses. Last month, the Australian Securities and Investment Commission (ASIC) chairman, Mr Joe Longo, in a speech to the Australian Financial Review Cyber Summit said that ‘cyber security and cyber resilience has got to be a top priority’ for all boards of financial institutions. Mr Longo warned that companies that don’t adopt an active approach to cyber security could incur civil penalties, both for directors and the company itself.

Lessons from ASIC v RI Advice Group Pty Ltd [2022] FCA 496

ASIC’s focus on cyber security from a corporate governance perspective follows its successful action against RI Advice Group Pty Ltd (RI Advice) in 2022, in which the Federal Court of Australia declared contravention of Sections 912(1)(a) and 912(1)(h) of the Corporations Act 2001 (Cth) (the Act) and ordered payment of ASIC’s costs to the tune of $750,000. RI Advice was also ordered to engage a cybersecurity expert to examine its systems at its own expense.

This finding was a result of several cyber security breaches occurring between 2014 and 2020, which in some cases resulted in the unauthorised access of customers’ personal information. RI Advice did not comply with its obligations to have adequate risk management systems in place (Section 912(1)(h)) and to provide its financial services efficiently, honestly and fairly (Section 912(1)(a) of the Act). In her Honour’s judgment, Rofe J recognised that cybersecurity risk has increased as ‘financial services are increasingly conducted using digital and computer technology’ and potential cyber threats now present ‘a significant risk connected with the conduct of the business and provision of financial services.’[1] Her Honour found that in order to comply with obligations relating to cybersecurity, a firm is required to:

  1. Identify the cyber security risk involved with providing financial services.
  2. Maintain documentation, controls and risk management systems to manage cybersecurity risk; and
  3. Assess cybersecurity risk in line with recommendations of those who have technical expertise in the area as opposed to public expectations.

Managing Risk from Third-Party Providers and Across the Digital Supply Chain

In his speech, Mr Longo emphasised the risk that reliance on third-party cybersecurity services poses for financial institutions. He noted that 44% of respondents to ASIC’s Cyber Pulse survey indicated that they did not manage third-party or supply chain risk, a cause for concern, as the liability still rests with the financial service provider should any risks eventuate. Mr Longo recommended that directors take a holistic approach and engage with their digital supply chain and third-party providers to ensure this risk is adequately managed. Mr Longo stated ‘cyber security and resilience are not merely technical matters on the fringes of directors’ duties… ASIC also expects [risk management] to include oversight of cyber security risk throughout your organisation’s digital supply chain.’[2] He warned that ‘if boards do not give cyber security and cyber resilience sufficient priority, this creates a foreseeable risk of harm to the company and thereby exposes the directors to potential enforcement action by ASIC’.

Director’s Liability and Disclosure Requirements

For directors to comply with their cyber security obligations, it is not a matter of having ‘impregnable systems’. As recognised by Mr Longo, ‘that’s not possible’. Instead, directors should ensure their firms are prepared to weather a cyber-attack through sufficient security, but also through adequate ‘cyber resilience’ – the ability of the firm to withstand and respond to the attack. This involves planning your cyber security approach, testing to identify any critical vulnerabilities, and continued evaluation of the systems put in place. The ever-evolving nature of technology means that a ‘set and forget’ approach could prove fatal. Doing so puts the company at risk, with the risk increasing each day that potential vulnerabilities are not addressed.

Not only does a failure to have adequate cybersecurity systems in place have the potential for large financial and reputational damage, to put companies and directors on risk for the regulatory enforcement action and to open the door to lengthy shareholder class action proceedings, but it also can attract disclosure obligations for listed companies. Typically, when the market discovers a company has been the subject of a cyber-attack, the company’s share price falls by about 5%.[3] The staggering impact of an attack on the market suggests that a cyber-attack is a material event, therefore falling under continuous disclosure requirements. This is a view shared by Mr Daniel Moran, the ASX’s chief compliance officer, who warned that listed companies should disclose what they know regarding a cyber-attack against them as early as possible. With this is mind, reviewing cyber strategy may be more important than you think.

ASIC’s Cybersecurity Outlook

ASIC’s renewed focus on cybersecurity measures taken by financial institutions comes in tandem with an increased willingness to seek court-based outcomes for breaches of this type. This could mean significant pecuniary penalties for the company or the personal liability of directors who do not adhere to their obligations.

Firms should remain vigilant and seek to evaluate their cybersecurity risk management systems internally, externally through their third-party providers and throughout their digital supply chain to avoid the disruption of a cyber-attack and potential enforcement action from the regulator. As put by Mr Longo, ‘measures taken should be proportionate to the nature, scale, and complexity of your organisation’ and should be reviewed on an ongoing basis.

[1] ASIC v RI Advice Group Pty Ltd [2022] FCA 496, [58] (Rofe J).

[2] Longo (n 1).

[3] Patrick Durkin, ‘Only 11 of 36 hacks revealed to market: ASIC warns on disclosure’, Australian Financial Review (online, 20 February 2023) <https://www.afr.com/technology/only-11-of-36-hacks-revealed-to-market-asic-warns-on-disclosure-20230216-p5cl28>.

 The content of this article is intended to provide a general guide to the subject matter. Specific advice should be sought about your specific circumstances.