04/04/2025

On 13 March 2025, the Australian Securities and Investments Commission (ASIC) announced they had launched legal proceedings against an investment firm, FIIG Securities Limited (FIIG). ASIC alleged FIIG had failed to implement adequate cybersecurity measures over four years, resulting in hackers infiltrating their IT network and stealing highly sensitive customer information.
The Australian Cyber Security Centre (ACSC) contacted FIIG about a potential cyber security incident on 2 June 2023. However, ASIC determined that FIIG failed to investigate and respond to the incident in a time-sensitive manner. Instead, ASIC alleges FIIG took almost a week to respond and, despite numerous firewall email alerts flagging suspicious activity, had not been aware of the incident before ACSC made contact.
ASIC further alleges that, in addition to FIIG lacking adequate cybersecurity measures, human error also played a part in the cyber intrusion: a FIIG employee downloaded a .zip file containing malware whilst browsing the internet, ultimately allowing the hacker to remotely access FIIG’s network and steal customer information.
This raises alarm bells for businesses and organisations that have an online presence and handle any form of personal information such as names, addresses, birth dates, tax file numbers and passports, which is almost inevitable today. It should serve as a reminder to proactively and regularly check the adequacy of your cybersecurity measures and to have a suitable cyber risk management system in place, including a cyber incident response plan, whether you are required by law or not.
There are various measures you can consider when improving your cyber security such as:
- using multi-factor authentication;
- updating software and operating systems;
- having appropriately configured and monitored firewalls;
- providing mandatory staff training on cyber security awareness;
- engaging dedicated resources specialised in cyber security;
- joining the Australian Signals Directorate’s free Cyber Security Partnership Program to receive alerts and to stay updated on the latest cyber threats and best-practice advice.
These are just some examples that you should consider when reassessing your current cyber security measures or if you are just starting out. As emphasised by ACSC, “cybersecurity isn’t a set and forget matter”! So, remember to proactively and regularly check the adequacy of your cyber security measures and follow the advice provided by ACSC.
Griffin Legal has a large privacy, cyber and data governance team and is experienced at supporting clients through cyber incident responses. Please get in touch with our team to discuss how to plan for and manage a breach at your agency or business.
Sources:
25-035MR ASIC sues FIIG Securities for systemic and prolonged cybersecurity failures | ASIC