The ASX and ASIC have targeted 100 listed companies to participate in cyber health checks following concerns that board rooms lack awareness of cyber-attacks.
The ASX and ASIC have invited Australia’s top 100 companies to participate in an ASX 100 Cyber Health Check. This survey will benchmark the levels of cyber-security awareness, capability and preparedness within business.
Participation by companies is voluntary. Reponses have been sought by mid-December 2016.
Participating companies will receive a confidential report benchmarking their own cyber-security practices. A public report on the themes from the data is expected to be released in March 2017.
Amanda Harkness, ASX group executive, said the ASX 100 Cyber Health Check has galvanised government, regulators and industry. This issue is of critical importance to business and millions of investors that hold shares in Australian companies.
She said participation will reassure shareholders and the broader community that boards are actively engaged in addressing cyber issues.
The ASX had worked with the ASIC, the Department of PM&C, CERT Australia, and the big four audit firms, especially KPMG.
Australia’s cyber-security strategy is also highligted at the FST Government Queensland conference being held Thursday 16th March in Brisbane. This conference features a presentation by Dr Carolyn Patteson, Assistant Secretary, Cyber Crime and Security Branch, Attorney-General’s Department.
The ASX health check is an industry-led initiative that forms part of the Australian government’s Cyber Security Strategy.
Content for the survey involved coordination between the ASX, ASIC and representatives from government and business. Input was also provided by the audit firms KPMG, Deloitte, EY, and PwC.
This is based on a similar exercise in the UK with the FTSE 350.
An earlier report by the Australian National University warns-report warned that government and industry have lacked awareness about cyber-attacks.
This is despite the mantra of cyber-preparedness that has been spear-headed by the Australian government. This is under a high-profile $230 million four-year funding program that seeks to build cyber-security awareness, while planning for future contingencies.