The Australian Securities and Investments Commission (ASIC) has reported an improvement in the cyber resilience of financial firms operating in the Australia’s markets.
ASIC released its Cyber resilience of firms in Australia’s financial markets: 2018–19 (REP 651) report, which provides an update on organisations’ cyber resilience capabilities in the two years since the corporate regulator’s last assessment (REPP 555) was published in 2017.
The assessments revealed that the gap between large firms and small-to-medium enterprises (SMEs) identified in REP 555 is gradually closing, with the overall improvement in cyber resilience across the industry largely driven by SMEs. The report also found that larger firms have continued to refine and improve their cyber resilience through targeted investment; while supply chain risk management has now become accepted as an industry-wide challenge that requires attention over the next period.
“The cyber resilience of firms operating in Australia’s markets has improved since Report 555, with all firms recognising cyber risk as a strategic, organisation-wide issue that is attracting increasing investment,” said Cathie Armour, ASIC commissioner. “However, while the cyber resilience of firms has improved, firms have struggled to meet the targets in Report 555. Continued investment and strong leadership from senior management is critical to ensuring a firm’s ability to meet these targets and maintain strong cyber resilience.”