ASIC guidance on basic communication principles in the event of a cyber incident

While the below principles are consistent with guidance from the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC), entities are encouraged to develop communications plans that suit their needs and those of their stakeholders.

  • Providing timely and accurate communication

  • Providing accurate and specific information

  • Communicating directly with impacted individuals and organisations

  • Creating a prominent alert on your corporate homepage or customer-facing portal about the nature of the cyber incident

  • Providing a set of frequently asked questions (FAQs)

  • Notifying other agencies

https://asic.gov.au/about-asic/corporate-publications/newsletters/market-integrity-update/miu-issue-163-november-2024/

Boards and directors must ensure that cyber risk management and cyber resilience processes are in place so that cyber incidents are avoided, detected and managed appropriately. Failure to do so risks enforcement action for breach of licensee obligations and directors’ duties.
