The Australian Securities and Investments Commission (ASIC) has published Report 429 Cyber resilience: Health Check (REP 429) to help its regulated population improve cyber resilience.
Report 429 highlights the importance of cyber resilience to ASIC’s regulated population, to support investor and financial consumer trust and confidence and ensure markets are fair, orderly and transparent.
ASIC chairman Greg Medcraft said: “Cyber attacks are a major risk for ASIC's regulated population and that means cyber resilience is an area of ASIC focus. The electronic linkages within the financial system mean the impact of a cyber attack can spread quickly—potentially affecting the integrity and efficiency of global markets, and trust and confidence in the financial system.
“This report outlines some ‘health check prompts’ to help businesses review their cyber resilience—including flagging relevant legal and compliance requirements, particularly on risk management and disclosure.
“We encourage businesses, particularly where their exposure to a cyber attack may have a significant impact on financial consumers and investors or market integrity, to consider using the United States' NIST Cybersecurity Framework to manage their cyber risks or stocktake their risk management practices.
“We will consider incorporating cyber resilience in our surveillance programs, across our regulated population.”
ASIC's report also encourages collaboration with industry and the government to ensure cyber attack responses can be co-ordinated and information on risks shared.