RI Advice CEO Peter Ornsby at the Licensee Summit.

Most organisations could be hacked within half an hour according to cybersecurity specialist Michael Connory, despite promises from chief executives they take cybersecurity seriously.

Speaking at the Professional Planner Licensee Summit in Katoomba recently, Security in Depth CEO Michael Connory said most organisations across Australia are oblivious to cyber security threats.

“When we talk about policies and procedures across Australia, 93 per cent don’t have an appropriate cybersecurity policy.”

Connory said at least 95 per cent of CEOs he has spoken to will openly assure him they take cybersecurity seriously.

“I can guarantee you that we can hack 100 per cent of those organisations in about half an hour.”

Testing liability

In May, the Federal Court found RI Advice breached its licensee obligations with a lack of cybersecurity risk management systems, which ASIC described as an Australian first.

RI Advice Group CEO Peter Ornsby previously told Professional Planner client data was stolen and likely sold to the black market.

Appearing at the summit in the same session, Ornsby said the experience has been an “eye opener” for the licensee.

“We have absolute responsibility over so much more than compliant advice and that is one of the challenges of being a licensee. Where do those responsibilities start and finish? Do they go further into workplace relations? It’s pretty far reaching.”

All practices operating under the RI Advice license have now conformed to the new protocols, Ornsby said, which took about nine months of work.

“We’re about to go through another annual review of every practice and that’s happening across the networks.”

Ornsby said it was a surprise the case made it through the court system, but the outcome created a “healthy precedent”.

“It was a test case. I understand where ASIC are going with this and there’s a whole lot of merit around it as well.”