Adviser Innovation logo
Advisor Inovation logo
New cyber laws will affect advisers

New cyber laws will affect advisers

author image
By Larissa Waterson ·
February 24 2017

New cyber laws will affect advisers

Financial advisers will need to pay closer attention to their security measures and damage control processes after a new cyber law passed the Senate, according to Aon Australia.

The new laws laid out in the Privacy Amendment (Notifiable Data Breaches) Bill 2016 mean advice practices who experience a cyber breach have 30 days to notify the Officer of the Australian Information Commissioner (OAIC) as well as all clients affected, said Aon Australia national practice leader of cyber risk Fergus Brooks.

"We've been waiting for this bill for more than four years," Mr Brooks said.

"If an advice business fails to disclose a breach, they will be looking at fines to the tune of $1.8 million, which could multiply depending on the amount of data lost," Mr Brooks said.

Previously, under the Privacy Act 1988, businesses did not have to disclose data breaches.

The new mandatory disclosure law is set to trigger more movement within the advice sector around cyber security as breaches can no longer be concealed from public knowledge, and businesses now face a greater risk of reputational damage, Mr Brooks said.

"The single biggest risk to an advice business is the damage to brand and reputation because they rely on client trust," he said.


"Advisers also hold an enormous amount of Personal Financial Information (PFI) - so not just client identities and contact details, but information on what investments a client makes, how much money they have - all of which is extremely valuable information for organised cyber criminals."

Advisers need to look at their security posture and, if they don't know what the gaps are, get a risk assessment done, Mr Brooks said.

According to Mr Brooks, 80 per cent of the claims his firm receives are in regard to CryptoLocker attacks - a type of ransomware attack.

"Have an incident response plan in place in case something does go wrong (this could be a one-page document) and ensure your staff are educated and aware," he said.

"What you do in the first critical minutes after you have an incident will determine how well you can save your brand and reputation."

Unable to extract YouTube ID from URL
Forward this article to a friend. Follow us on Linkedin. Join us on Facebook.
Find us on Twitter for the latest updates

Subscribe to our Newsletter

We Translate Complicated Financial Jargon Into Easy-To-Understand Information For Australians

Your email address will be shared with nestegg and subject to our Privacy Policy

latest articles