Cyber resilience is now widely regarded as “one of the most significant concerns” for the financial services industry, according to a new report released by the Australian Securities and Investments Commission (ASIC).
The industry-wide report focuses on the cyber resilience of a sample of “important financial organisations” — including the Australian Securities Exchange (ASX) and Chi-X — and advocates for the enforcement of good practices in financial services institutions’ management of their cyber-security obligations.
Given the central role that financial market infrastructure providers play in the Australian economy, ASIC commissioner, Cathie Amour, said that the cyber resilience of Australia’s “regulated population” is a key focus moving forward.
“Because of the dynamic nature of the cyber threat landscape, a comprehensive and long-term commitment to cyber resilience is essential to assist all organisations and the Australian economy to manage this threat,” Amour said.
ASIC’s latest report includes aggregated data from self-assessments undertaken by organisations in the financial services sector, providing a snapshot of their current state of cyber resilience.
The report found that to date both ASX and Chi-X have met their statutory obligations to have “sufficient resources” for the management of cyber resilience, however ASIC argued that a “consistent industry-wide” approach to address developing cyber threats and improve overall practices.
Key recommendations from the report include:
- Recognition from the wider financial services sector of the growing threat to cyber security and the need to refine systems and processes to prevent and address critical issues;
- Greater focus on comprehensive and ongoing board engagement and responsive government practices that are clearly aligned with an organisation’s wider strategy;
- Senior management executives in financial services organisations to closely manage cyber risk from both internal and third-party sources, establish robust collaboration and information-sharing networks to access the best defensive intelligence and technology; and
- The widespread organisational implementation of thorough cyber awareness training programs.
