ASIC reports on cyber resilience assessments of Australian financial markets firms
- Published: Friday, 01 December 2017 09:31
An ASIC report on the cyber resilience of over 100 firms operating across Australia's financial markets has shown a growing understanding of cyber risks, but there is still some progress to be made.
‘Report 555: Cyber resilience of firms in Australia’s financial markets’ collates and analyses the results of self-assessments from over 100 stockbrokers, investment banks, market operators, post-trade infrastructure providers and credit rating agencies.
ASIC Commissioner Cathie Armour said, “Cyber resilience is now widely regarded as one of the most significant concerns for the financial markets sector and the economy at large. Given the central role financial markets firms play in our economy, the cyber resilience of our regulated population is a key focus for ASIC.
“While our report shows greater engagement by firms on the issue, there is disparity between firms and insufficient investment in cyber resilience measures.
“Cyber resilience is not just an IT issue but one that requires a whole-of-organization response. The dynamic nature of cyber threats requires a comprehensive and long-term commitment to cyber resilience by all organizations operating in the Australian economy”, Ms Armour said.
Key insights from the assessments include:
- There is a growing understanding that cyber risk is a strategic, enterprise-wide issue that is on all organizations’ radars and is attracting increasing investment.
- The disparity between large firms and small-and-medium firms is reflective of their investment in cyber security, the period of time cyber security has been an investment priority, and the ability to acquire highly specialised skills.
- Larger firms have demonstrated a relatively high degree of cyber resilience.
- Small-and-medium firms are working towards developing their cyber resilience by investing in cyber security, but there is a long way to go.