It's not just cyber security, it's cyber resilience and cyber regulation
As many have realised, it’s not a question of ‘if’ but ‘when’ a cyber security breach happens. The scale, speed and impact of cyber security breaches mean that you need to be prepared to act on the assumption that a cyber security breach will occur, and to ensure that your organisation is resilient enough to recover from the breach. This requires planning and testing your business continuity and cyber breach plans to make sure that your organisation can continue to operate effectively even if there is a very significant incident that incapacitates your IT systems. ASIC has put Boards on notice that it expects them to ensure that their organisations pay sufficient attention and devote adequate resources to cyber security and cyber resilience.
And, if it’s not enough dealing with the impact of a cyber breach from a resilience perspective, you also have to deal with the regulatory implications of a cyber security incident. These range from ASX notifications under continuous disclosure obligations for listed entities, to notifications of regulators (the OAIC, the CISC and APRA) under a range of statutory notification obligations.
Our team has been advising clients involved in two of the most significant breaches in recent times on navigating through this maze of issues, as well as on the regulatory investigations, representative claims and class actions that have resulted from those breaches.
OUR CYBER SECURITY INSIGHTS
APRA has finalised CPS 230: The clock is ticking for regulated entities to comply with new requirements
On 17 July 2023, the Australian Prudential Regulation Authority (APRA) released the long awaited final Prudential Standard CPS 230 Operational Risk Management (CPS 230) following extensive industry consultation. CPS 230 will replace the current APRA Prudential Standards for Outsourcing (CPS 231 / SPS 231 / HPS 231) and Business Continuity Planning (CPS 232 / SPS 232) so that CPS 230 will become the core standard for APRA-regulated entities when outsourcing services and managing other operational risk (including business continuity).
03 August 2023
UK Supreme Court weighs in on APP scams
The UK Supreme Court in a landmark judgment (Philipp v Barclays Bank UK Plc [2023] UKSC 25) has unanimously held that a bank does not have a common law duty to customers to refrain from acting on their instructions where the bank believes the customer is the victim of an authorised push payment scam.
14 July 2023
Australian Government releases new Data and Digital Government Strategy
The Minister for Finance, Senator the Hon Katy Gallagher, recently launched for consultation a draft Data and Digital Government Strategy: The data and digital vision for a world-leading APS to 2030 (Draft Strategy). You’re invited to make comments on the Draft Strategy by 25 July 2023.
07 July 2023
Hong Kong’s new financial crime tool
Fraud is one of the thorniest problems for banks and their customers globally, with billions of dollars of leakage to opportunists, criminal syndicates and thieves. The Hong Kong Monetary Authority (HKMA) has recently announced Hong Kong’s newest institutional financial crime tool – FINEST. The initiative was launched in collaboration with the Hong Kong Police Force (HKPF) and The Hong Kong Association of Banks (HKAB). King & Wood Mallesons was delighted to serve as legal advisor on the project. This alert summarises the key points to know.
30 June 2023
Lifting our gaze: an update on the Australian space industry and satellite cyber security
The Australian space industry has cause for excitement after a joint statement issued by the Prime Minister of Australia and the President of the United States on 20 May 2023.
26 May 2023
KWM privacy bytes – Privacy Act Review Report individual rights
Released in February this year, the Government’s long-awaited Privacy Act Review Report (Report) contains 116 proposals for privacy reform. In this, our second article in the Privacy Bytes series, we take a closer look at the new individual rights the Report proposes to include or expand in the Privacy Act.
09 May 2023
International comparison of Cyber Security regulatory settings: KWM report commissioned by AICD
The increasing regularity of high-profile cyber incidents is a constant and costly reminder that effective cyber resilience is fundamental to realising the promised benefits of digitisation. Australia is among many countries seeking to reboot its cyber defences.
08 May 2023
Themes emerging from recent crypto attacks
We are barely finished with the first quarter of the calendar year and already we have seen multiple “hacks” in the crypto space that have resulted in the losses of over US$1 billion.
16 May 2022
Of charlatans and poor choices: how restrictions on crypto assets are growing worldwide
Yet the ancient origin of the word goes to the essence of today’s regulatory tension: ‘crypto’ has its origin in the Greek word ‘kruptos’, meaning ‘hidden’. Governments and regulators around the world are working to bring crypto assets into view.
22 February 2022
International comparison of Cyber Security regulatory settings - Summary
The increasing regularity of high-profile cyber incidents is a constant and costly reminder that effective cyber resilience is fundamental to realising the promised benefits of digitisation. Australia is among many countries seeking to reboot its cyber defences.
OUR PRIVACY INSIGHTS
Europe’s AI regulation gets real: what to know (and do) about the EU AI Act as it nears finalisation
More than two years ago, the European Union (EU) released the first draft of the Artificial Intelligence Act (AI Act). This was the first significant attempt at regulating AI on a large scale. In June, it passed a major milestone bringing it closer to finalisation. There is some way to go, but the signs are clear. Our experts share what the AI Act means for companies worldwide – and why now is the time to start thinking about risk mitigation steps.
26 June 2023
KWM privacy bytes – Privacy Act Review Report individual rights
Released in February this year, the Government’s long-awaited Privacy Act Review Report (Report) contains 116 proposals for privacy reform. In this, our second article in the Privacy Bytes series, we take a closer look at the new individual rights the Report proposes to include or expand in the Privacy Act.
09 May 2023
Developments in the regulation of Artificial Intelligence
Artificial intelligence (AI) has captured the attention of the world over the last 12 months. From AI chatbots to AI-generated art and inventions, AI has the potential to radically transform our economy, our society, and humanity.
19 April 2023
ChatGPT and the Importance of AI Governance
ChatGPT, the artificial intelligence chatbot developed by OpenAI, has become the fastest growing consumer product in history, reaching 100 million monthly active users within a mere 2 months of its launch. It has caused shockwaves across the education, media and marketing industries and has stoked fears of broader job losses amongst white collar workers.
14 April 2023
KWM Privacy Bytes - Privacy Act Review Report: Collecting and using of personal information
The Government’s long-awaited Privacy Act Review Report contains 116 proposals for reform. While not fundamentally changing the current principles-based approach, these proposals will require a step change in how Australian companies collect and use personal information.
30 March 2023