Brought to you by:

ASIC calls for action on cyber resilience

Businesses should assess and improve their cyber resilience as attacks increase, the Australian Securities and Investments Commission (ASIC) warns.

The regulator has released a cyber “health check” report to help companies respond to the growing threat.

Cyber attacks are now considered a systemic risk for the financial system.

While it is impossible to protect against all cyber risks as attacks become more complex and sophisticated, resilience can help businesses survive and recover.

“Effective cyber resilience requires initiative and a commitment of resources to assess and develop appropriate strategies, including planning responses to a cyber attack,” the report says.

“You should seize the opportunity to assess your threats and vulnerabilities now, and understand where and how your most valuable information is held.”

ASIC notes there is increasing appetite for specialist cyber insurance, because business continuity or professional indemnity cover may not be adequate.

Chairman Greg Medcraft says cyber attacks are a major risk for ASIC-regulated businesses.

“The electronic linkages within the financial system mean the impact of a cyber attack can spread quickly – potentially affecting the integrity and efficiency of global markets, and trust and confidence in the financial system,” he said.

“This report outlines some health check prompts to help businesses review their cyber resilience – including flagging relevant legal and compliance requirements, particularly on risk management and disclosure.”