Last month, local firm RI Advice was found to have breached its licence obligations with the Federal Court ruling that it did not act efficiently and fairly when it failed to have adequate risk management systems to manage its cyber security risks. Shortly after ASIC called on listed businesses to re-assess cyber risks and make a “long-term” commitment to cyber awareness, with Greg Yanco – executive director, Markets at ASIC – saying that businesses must be ready to respond to online threats.
Speaking on a recent episode of the ifa Show podcast, Shane Bell, cyber partner at specialist advisory and restructuring firm, McGrathNicol, said cyber security should be a top three issue for advisers.
“I completely acknowledge and appreciate that there is a huge amount of competing risk issues at the most senior levels of organisations, where it’s hard to distil all that down and give everything a voice, but cyber security absolutely has to be there. I mean, you just have to think about how we all use technology now. It’s embedded in our lives,” Mr Bell said.
“If I’m a financial adviser, I’m doing things using technology every single day in my interactions with clients, in my upwards reporting. If I sit within a governance risk and compliance role within an advice firm, I’m using technology to manage my compliance programmes, et cetera, et cetera.
“So, technology is embedded in everything that we’re doing. And for that reason, cyber security has to be in some of the top risks that you’re considering. And so if that’s your starting position, which I think it should be, then I don’t think it has to be about choosing between cyber and something else. I think if you’ve got a good risk culture, then it’s about connecting cyber up to that.”
Mr Bell suggested a practice’s head of risk and compliance should lead this process, and to partner with internal and external business representatives.
He said that if firms and practices can embed cyber security in their business-as-usual (BAU) processes, that will serve them really well in blocking cyber threats.
“The challenge for a lot of people is they’ve forgotten about it, or they’ve ignored it, or they’re not quite doing what they need to do on cyber security,” Mr Bell said.
“So it feels like it’s derailing things that are BAU, but it’s just a bit of a growing pain, right? I think you’ve got to do that in order to bring it to the maturity level that you’ll have for other parts of how you manage risk within a business.”
Listen to the full podcast with Mr Bell here.
