The Australian Securities and Exchange and Investment Committee (ASIC) has sued Fortnum Private Wealth Limited financial advice, arguing that it failed to manage and mitigate the risks to cyber security.
In the Proceedings submitted to the NSW Supreme Court, ASIC claims that Fortnum did not meet its obligations as the Australian Financial Service (AFS), because it failed to have adequate policies, frameworks, systems and controls that apply to dealing with cyber risks.
As a result, ASIC claims that Fortnum has exposed the company, its authorized representatives (Ars) and ARS customers at an unacceptable level of risk of cyberspace or cyberspace.
While Fortnum has introduced a specific cyber security policy since April 2021, ASIC argues that policy was insufficient response to cyber security risk management.
Before revising Fortnum its policy in May 2023, many of his ARS has encountered cyberspace. One of them was a cyberspace who claims that Asic led to a large violation and saw the data of more than 9,000 customers published on The Dark Web.
As part of the action, Asic claims that Fortnum did not have:
- require Ars to take on a defined minimum amount of training or training in cyberspace,
- adequately supervises or monitors the risk management framework in the cyberspace of ARS,
- They have employees with specialized expertise or cyber security experience or participate in a consultant with appropriate experience to help develop cyber security policy and security policy
- They have a risk management system that concerned cyber security or policies, frameworks, systems or controls that allowed the identification and assessment of cyberspace dangers in all ARS.
The regulator is looking for a statement and a fine against Fortnum.