TECHNOLOGY
DANIEL BARAC INTERN WISELAW
Directors’ duties and cybersecurity
Directors of public and private companies have strict obligations to shareholders under the Corporations Act and common law. These duties are broadly categorised into two groups: duties of loyalty and good faith, and duties of care, skill and diligence. In a world where most communication is conducted online, particularly with the need to work from home, directors’ obligations to exercise reasonable care, skill and diligence in maintaining their cybersecurity are more important than ever. However, despite the ever-growing presence of cyber risks to corporations, the relationship between directors’ duties and these risks has yet to be examined closely in Australian courts. That said, directors can face liability for gross cybersecurity failures under the Corporations Act,[1] the Privacy Act,[2] or even, in cases where the director is also a solicitor or barrister, the Solicitor Conduct Rules.[3]

Part of the duty of care and diligence is the need to weigh the potential benefits of an activity against its foreseeable risks. Cyber-attacks are estimated to cost Australian businesses $29 billion per year,[4] so most Australian companies would likely identify this as a significant risk. Cybercrime is often damaging to reputation, incurs immediate and substantial costs, and can reduce share prices.[5] The seriousness of these risks means that directors have a high obligation to take reasonable steps to offset them.

Section 180 of the Corporations Act 2001 obligates a director or officer of a corporation to exercise their powers with the degree of care and diligence that a reasonable person would exercise if they held that role and had those responsibilities.[6] But what would a reasonable person do? What standard of care is expected of directors, and how does this affect the need to exercise reasonable care to ensure the company remains protected against cybercrime? Daniels v Anderson states that, at a minimum, directors must acquire a basic understanding of the business.[7] In a cybersecurity context, they must understand the risk profile associated with their particular industry, the basics of cyber-attacks and how an attack may infiltrate business data. For example, directors of companies in the financial and healthcare sectors may need to understand that, due to the sensitive nature of the client information they store, their risk profile is >
LAW SOCIETY NT BALANCE EDITION 1|21
31