ASIC invites Australian entities to assess their cyber resilience

ASIC-regulated entities, including mid market businesses, publicly listed companies and other entities holding licences and authorisations, are invited to take part in a survey to measure cyber resilience in Australia’s corporate and financial markets.

The ASIC cyber pulse survey will be one of the largest conducted into Australia’s cyber resilience, and will measure entities’ current cyber security and controls, governance arrangements, and incident preparedness.

As the Department supporting the Minister for Cyber Security and the government’s mission to make Australia the world’s most cyber secure nation by 2030, the Department of Home Affairs is supportive of this survey and is looking forward to viewing the findings.

ASIC Executive Director, Markets, Greg Yanco said, ‘recent high-profile cyber attacks demonstrate the need for all businesses to have robust cyber capabilities. Cyber attacks are becoming more frequent and complex and are not limited to companies with large retail customer bases.’

‘Cyber attacks can disrupt an organisation’s business operations and result in financial, legal and reputational harm. The interconnectedness of our financial system can mean the impact of cyber attacks can spread well beyond a single entity. This self-assessment will provide valuable insights to entities on their own cyber resilience measures compared to their industry peers,’ said Mr Yanco.

ASIC has long taken a strong interest in the cyber resilience of Australian financial services and markets. ASIC expects directors of public companies to ensure their organisation’s risk management framework adequately addresses cybersecurity risk, and that controls are implemented to protect key assets and enhance cyber resilience.

Participation in the survey is voluntary, with all responses anonymised. The survey has been designed to help an entity assess its ability to:

• govern and manage organisational-wide cyber risks
• identify and protect information assets that support critical business services
• detect, respond to and recover from cyber security incidents.

The survey is accessible to ASIC regulated entities by logging into the ASIC Regulatory Portal, and following the link provided.

ASIC will publish a report with key findings from the survey later this year.

The report will provide sectoral insights, areas for action and the better practices identified. Insights gained from the report will support the Department of Home Affairs to further target advice and assistance to the financial sector, support enhanced partnerships to continue the sector’s uplift in cyber security and resilience, and ensure compliance with regulatory requirements.

After the survey closes, participants who elected to receive an individual report will receive insights into how they have assessed their current cyber resilience capability compared to those of industry peers.