Support 1300 669 220

RI Advice: A Landmark Case for Cybersecurity and the Law

A recent decision by the Federal Court ruled that RI Advice, a financial services provider, was in breach of its legal obligations. The crime? Not protecting its client data against cyberattack.

If you’re in the financial services sector, then hopefully you already know about the importance of a good cybersecurity strategy. Hackers are ultra-determined to get hold of your customer data, and they’re coming up with new schemes every day. The only way to keep your business safe is to stay alert and informed, ideally with expert IT support. That’s something we often talk about on this blog.

But good cybersecurity isn’t just common sense – it’s actually a legal obligation. A recent ruling from the Federal Court here in Australia made this very clear. Read on to find out more about this decision and how it can affect your business.

The case of RI Advice

In our digital age, more and more companies are providing financial services online. The advantages of going digital are obvious. You can work with clients across a much bigger geographical area, you can communicate flexibly in real time, and there’s no need to worry about present or future pandemic restrictions.

However, storing and sending client data online brings some major risks. Clicking on just one phishing email – or logging on from an unprotected network – can be enough to give hackers access to your entire customer database. The criminals can use that data to harass your clients, steal identities, clear out bank accounts, and cause you serious financial and reputational damage.

That’s what happened with RI Advice, which provides financial services to clients via a network of representatives. Over six years from 2014 to 2020, there were repeated security issues. These included email hacking and a direct brute-force attack on one of the representative’s servers. With no adequate protection in place, that brute-force attack went undetected for four months.

Risk management is a must

With so many vulnerabilities in the system, RI Advice’s clients were unknowingly putting their data at serious risk. Any IT professional will tell you that failing to protect against cybercrime is as good as inviting the hackers in. And the Federal Court agreed. 

In May 2022, they ruled that the company’s lack of adequate cybersecurity measures was a breach of its legal obligation to provide financial services “efficiently, honestly and fairly”. RI Advice was ordered to pay $750,000 to the Australian Securities and Investments Commission, which brought the lawsuit.

But this wasn’t just a financial blow. The landmark case has been reported extensively by Australian and global media. Type “RI Advice” into Google, and you’ll see that reports of the ruling dominate the search results. So what can you do to avoid this kind of damage to your own financial services business?

Manage, document, control

The Federal Court identified three elements that were missing from RI Advice’s cybersecurity strategy: risk management, documentation, and controls. This three-pronged approach is the only way to keep your customers’ data safe in the long term. It’s also very demanding and requires time, investment and expertise.

The good news is that a reliable IT support partner like Perigon One can make sure you stay ahead of the hackers – and in step with the law. As well as cybersecurity services, we also offer security awareness training to ensure that every member of your team is informed, alert, and using best practice.

Interested? Just get in touch for a free no-obligation chat.