Australia: Judgment issued in ASIC v RI Advice including cybersecurity

On 5 May 2022, the Federal Court of Australia handed down a judgment in the case of the Australian Securities and Investments Committee (ASIC) v RI Advice Group, a financial advisor company. The Court ruled that RI Advice had failed to have the proper documentation and controls in place to constitute adequate cybersecurity risk controls after a number of cybersecurity incidents had potentionally compromised the personal data of thousands of clients. Basing its order on the consent of the parties, the Court ruled that RI Advice must hire cybersecurity experts to help it take measures to improve its shortcomings and pay a fine of AUD 750'000.