Brought to you by:

Businesses falling short on cyber resilience: ASIC

A cyber-resilience self-assessment conducted in the financial markets sector shows room for improvement, the Australian Securities and Investments Commission (ASIC) says.

“While our report shows greater engagement by firms on the issue, there is disparity between firms and insufficient investment in cyber-resilience measures,” Commissioner Cathie Armour said.

“Cyber resilience is not just an IT issue, but one that requires a whole-of-organisation response.

“The dynamic nature of cyber threats requires a comprehensive and long-term commitment to cyber resilience by all organisations operating in the Australian economy.”

The survey shows small-medium businesses in the sector are not faring as well as their larger counterparts in building cyber-resilience policies.

About 40% of small-medium businesses report shortcomings in monitoring and detection practices, and are looking to improve this area in the next year to 18 months. Almost half say they find information risk management challenging.

One small-medium respondent says it has no formal policy for monitoring and detecting cyber threats.

ASIC intends to raise awareness of cyber risks by providing practice guidance and key questions for boards.

The regulator will also measure levels of cyber resilience in financial markets, collaborate with regulated businesses and conduct conversations with those that appear challenged.