ASIC targets cyber resilience with new report
Cyber resilience is now widely regarded as "one of the most significant concerns" for the financial services industry, according to a new report released by the Australian Securities and Investments Commission (ASIC).
The industry-wide report focuses on the cyber resilience of a sample of "important financial organisations" — including the Australian Securities Exchange (ASX) and Chi-X — and advocates for the enforcement of good practices in financial services institutions' management of their cyber-security obligations.
Given the central role that financial market infrastructure providers play in the Australian economy, ASIC commissioner, Cathie Amour, said that the cyber resilience of Australia's "regulated population" is a key focus moving forward.
"Because of the dynamic nature of the cyber threat landscape, a comprehensive and long-term commitment to cyber resilience is essential to assist all organisations and the Australian economy to manage this threat," Amour said.
ASIC's latest report includes aggregated data from self-assessments undertaken by organisations in the financial services sector, providing a snapshot of their current state of cyber resilience.
The report found that to date both ASX and Chi-X have met their statutory obligations to have "sufficient resources" for the management of cyber resilience, however ASIC argued that a "consistent industry-wide" approach to address developing cyber threats and improve overall practices.
Key recommendations from the report include:
- Recognition from the wider financial services sector of the growing threat to cyber security and the need to refine systems and processes to prevent and address critical issues;
- Greater focus on comprehensive and ongoing board engagement and responsive government practices that are clearly aligned with an organisation's wider strategy;
- Senior management executives in financial services organisations to closely manage cyber risk from both internal and third-party sources, establish robust collaboration and information-sharing networks to access the best defensive intelligence and technology; and
- The widespread organisational implementation of thorough cyber awareness training programs.
Recommended for you
Financial Services Minister Stephen Jones has shared further details on the second tranche of the Delivering Better Financial Outcomes reforms including modernising best interests duty and reforming Statements of Advice.
The Federal Court has found a company director guilty of operating unregistered managed investment schemes and carrying on a financial services business without holding an AFSL.
The Governance Institute has said ASIC’s governance arrangements are no longer “fit for purpose” in a time when financial markets are quickly innovating and cyber crime becomes a threat.
Compliance professionals working in financial services are facing burnout risk as higher workloads, coupled with the ever-changing regulation, place notable strain on staff.
