New Guidance Released For Australian Listed Companies On Continuous Disclosure Obligations During A Cyber Incident

KG
K&L Gates

Contributor

At K&L Gates, we foster an inclusive and collaborative environment across our fully integrated global platform that enables us to diligently combine the knowledge and expertise of our lawyers and policy professionals to create teams that provide exceptional client solutions. With offices spanning across five continents, we represent leading global corporations in every major industry, capital markets participants, and ambitious middle-market and emerging growth companies. Our lawyers also serve public sector entities, educational institutions, philanthropic organizations, and individuals. We are leaders in legal issues related to industries critical to the economies of both the developed and developing worlds—including technology, manufacturing, financial services, health care, energy, and more.
Australia's corporate regulator, ASIC, has released new guidance on how to comply with market disclosure requirements when a listed company is in the middle of investigating and responding to a cyber incident.
Australia Technology
To print this article, all you need is to be registered or login on Mondaq.com.

Australia's corporate regulator, ASIC, has released new guidance on how to comply with market disclosure requirements when a listed company is in the middle of investigating and responding to a cyber incident.

The example appears in updated Guidance Note 8 Continuous Disclosure: Listing Rules 3.1 – 3.1B. It illustrates how existing ASX policy applies to a hypothetical data breach scenario, including commentary on the Listing Rule 3.1A exception, contents of the company's potential announcements, confidential engagement with relevant authorities, and trading halts/voluntary suspensions, in the context of the hypothetical scenario which unfolds throughout the example (much like the continuous developments and unfolding knowledge that occurs throughout a real data breach).

A marked up copy of the Guidance Note can also be viewed here. The potentially different scenarios (and ASX commentary) which often arise in a data breach as regards the requirement for compliance with the ASX Continuous Disclosure obligations commences at page 90 in this link.

The updated Guidance Note takes effect from 27 May 2024.

In part this is a reminder of yet another layer of complexity in the increasing compliance obligations on companies facing cybersecurity risks; but if saved in your data breach response plan it may in time prove a valuable and repeatedly visited resource for leaders of public companies to help guide them through a crisis.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More