ASIC aims to measure cyber resilience in financial entities

The Australian Securities and Investments Commission (ASIC) is aiming to increase cyber awareness in the domestic financial services market and regulated entities, including publicly listed companies and license-holding entities, by encouraging them to measure their own cyber resilience and share their insights.

Financial organisations have been invited to participate in the ASIC cyber pulse survey, which will focus on measuring financial entities’ current cybersecurity capabilities and controls, governance arrangements and incident preparedness.

Participation in the survey will be voluntary and anonymous, with the results expected to help entities assess their ability to govern organisation-wide cyber risks, better identify and protect information-supporting critical business services, and respond to and recover from cybersecurity incidents.

It is hoped the self-assessment will give entities insights into their own cyber resilience measures compared against industry peers.

The release of the survey follows a recent announcement from the Minister for Cyber Security, Clare O’Neil, on the Government’s intention to make Australia the world’s most cyber-secure nation by 2030.

ASIC said it would expect directors of public companies to ensure their organisation’s risk management framework adequately addresses cybersecurity risk, and that controls are implemented to protect key assets and enhance cyber resilience.

“Cyber attacks can disrupt an organisation’s business operations and result in financial, legal and reputational harm. The interconnectedness of our financial system can mean the impact of cyber attacks can spread well beyond a single entity,” ASIC executive director, markets, Greg Yanco said.

Following the survey, the regulator will publish a report with key findings, which are expected to provide sectoral insights as well as areas for action, and to allow better practices to be identified.

According to the Australian Cyber Security Centre, in 2021, the estimated total cost of cybercrime in Australia was $42 billion.