A decade in the making: The evolution of directors' cyber duties

Over the past decade the landscape of directors’ duties regarding cyber security has undergone significant transformation. This presentation will explore the evolution of these responsibilities since the Australian Securities and Investments Commission (ASIC) first issued guidance ten years ago, highlighting key milestones and regulatory developments.

In 2015, ASIC’s Cyber resilience: Health check emphasised the criticality of regulated organisations to manage their cyber risk. Since then, the regulatory environment has evolved considerably, with increasing expectations placed on directors to proactively manage cyber risks.

A pivotal moment in this evolution was the 2022 Federal Court decision in the case of ASIC v RI Advice Group Pty Ltd, a landmark case which underscored the legal obligations of directors to ensure their companies have adequate cyber security measures in place. The court’s decision highlighted that directors could be held personally liable for failing to act with reasonable care and diligence in managing cyber risks.

In recent years, ASIC has continued to emphasise the importance of cyber security. Looking ahead to 2025 and beyond, the responsibilities of directors in managing cyber risks are expected to become even more stringent. Emerging trends such as the sophistication of cyber threats, the rise of artificial intelligence in cyber-attacks, Australia’s new Cyber Security Act and the growing regulatory scrutiny will require directors to stay ahead of the curve. Directors will need to continuously update their knowledge and adapt their governance practices to address these evolving challenges.

This presentation is suitable for emerging and experienced directors, officers, and executives. Annie and Amanda will provide a comprehensive overview of the current state of directors’ duties in relation to cyber security and offer practical advice on how to navigate this complex landscape. They will identify go-to resources and provide actionable guidance to help attendees proactively adapt their governance practices to enhance cyber security frameworks, safeguarding their organisations in an increasingly digital world.