The recent hacking attack at Microsoft should set off alarm bells at publicly listed companies because of the enormous damage a breach of security can do to stock prices, a leading business lawyer has warned.
Leif Gamertsfelder, a member of the Digital Industries Group at Deacons Lawyers, said the Microsoft attack demonstrates that the best technology is worthless if the human element of an organisation is not secure.
"All staff should be monitored for compliance with the organisation's e-security policy; failure to do so could lead to a breach and a need to report it to the Australian Stock Exchange (ASX)," Gamertsfelder said, referring to reports the Microsoft attack was the result of a QAZ Trojan.
"No company should spend huge amounts of money on technology and fail to take any action to secure the weakest point of the architecture - the employee."
Under Australian law, listed companies must disclose to the ASX information that would affect the price or value of the company's stock.
Gamertsfelder said disclosure would be required where a successful breach caused the directors of a listed company to believe that valuable intellectual property or confidential information in digital form had been tampered with or stolen.
He said directors should also consider whether a breach of e-security would result in profit forecasts not being achieved due to damage to information systems or whether substantial costs could be incurred in rectifying the breach.
"Rectifying the problem is very important because the cure in e-security cases can be much more expensive than prevention. In an e-security-sensitive economy it can cause enormous damage to stock prices," Gamertsfelder said.
"It is better to disclose the information because penalties for nondisclosure are severe, including removal from the ASX list; it is a timely reminder to all listed companies to secure the human and computer interface and review e-security policies."