Six point cyber security check list for company directors and board members

The Corporations Act 2001 (Cth) requires company directors and officers to discharge their duties with care and diligence (s 180(1)). In its Cyber Resilience: Health Check (Report 429), the Australian Securities and Investments Commission (ASIC) has set out its position on cyber security and directors' duties, stating that:

  • it considers board participation important to promoting a strong culture of cyber resilience [1]
  • a failure to meet obligations to identify and manage cyber risks may, if you are a director or officer of a company, result in your disqualification from that role. [2]

So where do you start?

Our 'Six Point Cyber Security Check List' is intended as a high level entry point for company directors and board members to design strategies that meet their legal obligations on cyber security. [3] It is a set of questions to put to management, not a substitute for a technical assessment of the organisation's systems.

Six Point Cyber Security Check List

Each item pairs the issue the board should raise with the strategy or reference that addresses it.

1. Issue: Has your organisation implemented the Australian Signals Directorate's Top 4 cyber risk mitigation strategies?
   Strategy: The Australian Signals Directorate (ASD) advises that its Top 4 mitigation strategies (application whitelisting, patching applications, patching operating systems, and restricting administrative privileges) would have prevented at least 85 percent of the targeted cyber intrusions it has responded to. ASD has since expanded the Top 4 into the Essential Eight (adding hardening of Microsoft Office macros and user applications, multi-factor authentication and daily backups); the four original strategies remain the core of that list, so a board asking about the Top 4 should also ask which of the Essential Eight have been implemented and to what maturity level.

2. Issue: Ask your CIO the Cyber Security Operations Centre's 'Questions Senior Management Need to be Asking about Cyber Security'.
   Strategy: The questions are:
   • What would a serious cyber incident cost our organisation?
   • Who would benefit from having access to our information?
   • What makes us secure against threats?
   • Is the behaviour of our staff enabling a strong security culture?
   • Are we ready to respond to a cyber security incident?
   An answer that cannot be supported with evidence (an incident response plan that has been exercised, a current inventory of systems and data, a record of patching and privilege reviews) should prompt a follow-up question.

3. Issue: Take the ASIC 'Cyber Resilience: Health Check'.
   Strategy: ASIC's Cyber Resilience: Health Check (Report 429) contains a number of 'Health Check Prompts', which provide useful guidance on the questions directors and officers can ask in assessing their organisation's awareness of, and preparedness for, cyber security issues.

4. Issue: Does your organisation collect or handle personal information? If so, is it compliant with the Privacy Act 1988 (Cth)?
   Strategy: Australian Privacy Principle (APP) 11 requires an APP entity to take such steps as are reasonable in the circumstances to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure, and to destroy or de-identify personal information it no longer needs. Since 22 February 2018 the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act has also required entities to notify the Office of the Australian Information Commissioner and affected individuals of eligible data breaches, so the board should confirm that a breach assessment and notification process exists.

5. Issue: Does your organisation process card payments?
   Strategy: If so, confirm that it (or its card payment processing service provider) is compliant with the Payment Card Industry Data Security Standard (PCI DSS): Requirements and Security Assessment Procedures, published by the PCI Security Standards Council. Outsourcing payment processing reduces the scope of what must be assessed but does not remove the merchant's own obligations: the organisation still has to complete the self-assessment questionnaire appropriate to how it accepts cards and to secure any of its own systems that can affect cardholder data (for example, the web pages that redirect customers to the processor).

6. Issue: Are your organisation, your outsourced service providers and the third party products used in your organisation compliant with applicable industry standards?
   Strategy: For example, the ISO/IEC 27000 series of information security management standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). See ISO/IEC 27001:2013, which sets out the requirements for an information security management system and is the standard organisations are certified against, and ISO/IEC 27018:2014, a code of practice for protecting personal information in public cloud services, which is relevant where a provider hosts your data. When a supplier cites ISO/IEC 27001 certification, ask for the certificate's scope statement; certification covers only the services and locations named in that scope.

Need to know more?

Read our related article 'Six cyber security standards you need to know about if you are a company director or board member'.

_________________

[1] Cyber Resilience: Health Check (ASIC Report 429), para. 102, page 29.
[2] Cyber Resilience: Health Check (ASIC Report 429), paras. 146 – 148, page 38.
[3] For convenience, key references in this check list are hyperlinked to the relevant source documents. For more detail, see our article 'Six Cyber Security Standards you need to know about if you are a Company Director or Board Member'.

If you would like further information, please contact us.

Author
Sean Field | Special Counsel
T +61 3 9258 3397
E sean.field@maddocks.com.au