Directors' Responsibilities

Exposure overview

“ASIC expects directors to ensure their organisation’s risk management framework adequately addresses cyber security risk, and that controls are implemented to protect key assets and enhance cyber resilience. Failing to do so could mean failing to meet your regulatory obligations.”
Joe Longo, ASIC Chair, AFR Cyber Summit, September 2023.

The Law

Australian directors have significant legal responsibilities regarding cyber risk. Here are some key points:

  • Duty of Care and Diligence: Under Section 180 of the Corporations Act 2001, directors must act with reasonable care and diligence. This includes being proactive about cyber security and ensuring that appropriate measures are in place to protect the company's data and systems.
  • Privacy Obligations: Directors must comply with the Privacy Act 1988, which includes the Notifiable Data Breaches scheme.
  • ASIC's Focus: Directors of entities that hold an Australian Financial Services Licence (“AFSL”) are also subject to general and specific obligations under the Corporations Act. The Federal Court of Australia's consent orders in ASIC v RI Advice confirmed that this includes having in place risk management systems and controls to manage business risks.

Scale of the problem

Directors' liability for cyber breaches is a growing exposure. With the increasing frequency and severity of cyber attacks, regulators and stakeholders are placing more emphasis on the accountability of directors and officers for cyber security measures.

Exposure Mitigation

Directors and senior officers need to proactively tackle oversight and management of cyber risk. Mitigation should be considered alongside their wider security programme and the advice received from their IT security adviser:

  • Set clear roles and responsibilities at board level.
  • Develop, implement and evolve a cyber strategy.
  • Embed cyber security in risk management practices.
  • Promote a culture of cyber resilience.
  • Plan for a cyber-security incident.

Insurance Solution

Cover 2.e: Directors & Officers Liability

Any Damages or Defence Expenses that any director or officer of the Insured is legally obligated to pay in respect of any actual or alleged error, omission, misstatement, misleading statement, neglect or breach of duty, arising out of a Third Party Claim against any director or officer of the Insured while they are acting in their capacity during the Period of Insurance, provided that the Third Party Claim is a direct result of a Security Breach or Privacy Breach.