New cyber law, which passed through Senate recently, means advisers will now have to pay more attention to security measures and damage control or face heavy fines and loss of reputation.
Speaking to ifa, national practice leader of cyber risk at Aon Australia, Fergus Brooks, said the new laws laid out in the Privacy Amendment (Notifiable Data Breaches) Bill 2016 mean advice practices who experience a cyber breach have 30 days to notify the Officer of the Australian Information Commissioner (OAIC) as well as all clients affected.
“We’ve been waiting for this bill for more than four years,” Mr Brooks said.
“If an advice business fails to disclose a breach they will be looking at fines to the tune of $1.8 million, which could multiply depending on the amount of data lost,” Mr Brooks said.
Previously, under the Privacy Act 1988, businesses did not have to disclose data breaches.
The new mandatory disclosure law is set to trigger more movement within the advice sector around cyber security as breaches can no longer be concealed from public knowledge and businesses now face a greater risk of reputational damage, Mr Brooks said.
“The single biggest risk to an advice business is the damage to brand and reputation because they rely on client trust,” he said.
“Advisers also hold an enormous amount of Personal Financial Information (PFI) - so not just client identities and contact details, but information on what investments a client makes, how much money they have - all of which is extremely valuable information for organised cyber criminals.”
Advisers need to look at their security posture and, if they don’t know what the gaps are, get a risk assessment done, Mr Brooks said.
According to Mr Brooks, 80 per cent of the claims his firm receives are in regard to crypto locker attacks - a type of ransomware attack.
“Have an incident response plan in place in case something does go wrong (this could be a one-page document) and ensure your staff are educated and aware,” he said.
“What you do in the first critical minutes after you have an incident will determine how well you can save your brand and reputation.”
SUBSCRIBE TO THE IFA DAILY BULLETIN
- 20 Jul 2018CPA shuts financial advice divisionBy Reporter
- 20 Jul 2018Don't neglect AI, advisers warnedBy Tim Stewart
- 19 Jul 2018AMP unveils new in-house training programBy Reporter
- 19 Jul 2018Self-licensed adviser cops 4-year ASIC banBy Reporter
- 19 Jul 2018Hub24 to launch new core offeringBy Reporter
- 19 Jul 2018SMSF sector warns about advice ‘exodus’By Miranda Brownlee
- view all