In 2018, with the growth in Cyber Crime globally reaching losses of US$ 1.4 Trillion annually, it is important to recognise that Australian Company Directors must comply with their legal obligations under the Corporations Act 2001. This is the case even if the Director appoints an agent to look after the company’s affairs.
There are numerous and important legal responsibilities imposed on all Directors of Companies (Private & Public) under the Corporations Act 2001 and other laws, including the General Law.
Of these duties, some of the most significant in relation to the Cyber Security threat are:
To act in good faith in the best interests of the company and its shareholders for a proper purpose.
To exercise due care and diligence in the management of the company.
To inform themselves about the subject matter to the extent they reasonably believe to be appropriate.
To rationally believe that their judgment is in the best interests of the corporation.
Due Care is doing what a reasonable person would do in a given situation.
Due Diligence means providing demonstrated assurance that management is exercising adequate protection of corporate assets, such as information, and compliance with legal and contractual obligations.
Each decision of a Director can be scrutinised against what that Director could have done to most benefit the company. Breaches of this duty allow a company to sue the Director for damages suffered.
Failure to exercise Due Care and Due Diligence in mitigating the risk of the well-publicised Cyber Attack landscape could find Directors in breach of their legal duties under the Act.
Password Management, with Staff Education and ongoing Password Monitoring, is a simple, inexpensive risk mitigation strategy that demonstrates solid Corporate Governance practices by CEOs and Directors. These ‘Best Practices’ activities are supported evidentially by monthly password status reports and annual staff cyber awareness certifications. As an independent third-party provider, Avantia Cyber Security is able to demonstrate active risk mitigation against cyber attacks by its Clients in these areas.