$2.5 Million Fine for “Inadequate Cybersecurity”

Estimated Exposure: Client financial data breached. $2.5 million penalty.

What Happened: Fiig Securities — a financial services firm — ran “inadequate cybersecurity measures” for more than four years. Then they got hacked. ASIC took them to the Federal Court. Not the privacy regulator — the financial regulator. First time ever the Federal Court imposed civil penalties for cybersecurity failures under Australian Financial Services licence obligations.

The message: if you hold a licence, you hold a duty. Four years of knowing your security was shit and doing nothing about it now has a $2.5 million price tag. And ASIC has said publicly there are more actions coming.

Source: ASIC v Fiig Securities, Federal Court of Australia 2025

What Happened: $235,400 Gone — Victim Found Legally Liable – Legal Precedent, WA

Explore More Case Studies

$235,400 Gone — And the Victim Got the Blame. WA Court.

Estimated Exposure: $235,400 stolen. Only $43,000 recovered. Victim ordered to pay.

What Happened: Mobius Group sent a legitimate invoice to Inoteq — a WA resources company. Hackers intercepted the email chain and sent a near-identical invoice with different bank details. Inoteq paid $235,400 to the wrong account. Standard BEC attack. Happens every day. But heres the precedent: when Mobius sued, the WA District Court found that INOTEQ — the victim who got scammed — was partly liable. The court said they should have verified the payment details. First major Australian court ruling on BEC liability. The business that got defrauded was ordered to pay back the money.

The Message: “I didnt know” is no longer a defence in Western Australia. The courts have ruled. If you dont take reasonable steps to verify and protect, the liability lands on you — even when youre the victim.

Source: [2024] WADC 114, HWL Ebsworth Legal Analysis

What Happened: BEC invoice fraud. $235,400 stolen, only $43K recovered. WA District Court ruled the VICTIM was legally liable.

View Case Study

106 GB of Employee Data — Published. Perth Company.

Estimated Exposure: 106+ GB corporate and employee data exfiltrated and published on the dark web.

What Happened: Pressure Dynamics International — a WA-based hydraulics and industrial company servicing oil, gas, offshore, and defence — got hit by DragonForce ransomware in 2025. The attackers didnt just encrypt. They exfiltrated over 106 gigabytes of corporate and employee data before locking the systems. Then they published it. Employee records. Corporate documents. Client details. All of it — available to anyone who knows where to look. This is the kind of business Perth tradies work around every day. Supplying rigs, maintaining equipment, servicing the industries that keep WA running. If they can get hit, your business is not too small to be a target.

The Message: Automated scanners dont care what industry youre in. They scan every IP, every domain, every exposed service. If your website or systems have a known vulnerability, youre on the list. The only question is when.

Source: Cyber Daily Exclusive, 2025

What Happened: DragonForce ransomware hit a WA industrial company. 106+ GB exfiltrated and published.

View Case Study

Get Certified Before
You're the Next Headline

Dummy text

Start My Protection Now