Monday, 5 September 2022

“Cyber class action matters are unfolding at pace.”

Cybersecurity expert, Brendan Read, recently spoke with Lawyers Weekly’s Lauren Croft about the increasing number of cyber class actions seen overseas and expected in Australia. “In the US and Canada, in particular, class actions against corporations following breaches of sensitive personal and business data are increasing,” he said.

Brendan joined fellow industry experts in sharing their insights into this evolving trend. “Class actions greatly magnify the financial and reputational losses caused by cyber breaches. Payouts to consumers and shareholders are running into the hundreds of millions of dollars. The sheer size of the damages paid out overseas is a clear signal that similar lawsuits will be seen in Australia and that Australian organisations should be moving quickly to mitigate the risks. Once a precedent is set here, we expect the floodgates will likely open,” he said. Monisha Sequeira, Allens partner, echoed this and reiterated that the large number of people affected by cybersecurity incidents, and the significant losses typically suffered, certainly increase the likelihood of cyber class actions being pursued in Australia.

Jason Symons, cyber risk and insurance partner at Mills Oakley, noted that, even with this increase expected, some plaintiffs may be deterred by the range of unknown factors, particularly where a tort for invasion of privacy has not been successfully tested. Whereas, Valeska Bloch, head of cyber at Allens, highlighted the importance of the Attorney-General’s proposed changes to the Privacy Act, expected to increase individual protections and enhance data handling accountability.

Mr Read, Mr Symons, Ms Sequeira and Ms Bloch discussed the recent cases illustrating how increased regulatory scrutiny and the implementation of mandatory reporting laws signpost the expected changes and the requirement for organisations to prepare. Mr Read said, “Cyber crime continues to evolve, as does the governing legislation. Firms are given no option but to analyse their cybersecurity posture and evaluate risk management policies and frameworks.”

Read the full article, as published by Lawyers Weekly, here.