Latest Products

Keeping an Eye on Cyber

Monday 6 December 2021

This week the Australian Securities and Investments Commission (ASIC) released a report that found improvement in the cyber resilience regime in the local financial market.

In an official statement along with the release of the report that focused on the 2020 to 2021 period , ASIC Commissioner Cathie Armour said, “Firms operating in Australia’s markets continue to be resilient against a rapidly changing cyber threat environment. The COVID-19 pandemic has increased opportunities for threat actors to target remote workers, and access remote infrastructure and supply chains critical to the delivery of products and services. However, the response from firms has been robust.”
This report follows another report that was published in 2017.

Report  716 Cyber resilience of firms in Australia’s financial markets: 2020–21  found  that while there had been slight improvement in cyber resilience overall, supply chain risk management is still a challenge for the small and medium enterprises (SME).

  • 90% of firms have strengthened user and privileged access management
  • 88% of firms are ensuring users are trained and aware of cyber risks—an important line of defence.
  • 86% of firms have mature cyber incident response place
On SME supply chain risk management:
  • 40% of SMEs indicated weak supply chain risk management practices.
Cyber Risk and Cyber Governance
Improving cyber resilience was one the four key community outcomes form the Australian Prudential Regulation Authority (APRA) Corporate Plan for  2020 to 2024.
“Building on previous strategic initiatives, including releasing APRA’s Prudential Standard CPS 234 Information Security, APRA has been developing its 2020-2024 Cyber Security Strategy. In line with APRA’s strategic focus on improving cyber resilience across the financial system, the updated strategy seeks to influence the financial system more broadly.”

But building effective GRC systems around cyber governance  might continue to eb challenge for organisations because of its technical nature
In recent Podcast Interview to be released next year, the new GRC Institute Director Elizabeth Sheedy  highlighted that she has particular interest and has already begun research  on setting on cyber governance systems.

“Cyber risk is a massive problem for all organisations big and small. Obviously, this not just financial instituitons everyone is grappling with cyber risk and how we set up good governance systems for that I think is quite a challenge. “
Professor Sheedy said that cyber resilience and effective cyber governance it is a quite a technical area.

The regulator has highlighted a few areas that it will continue to focus on:

  • engaging and collaborating with regulated firms, other regulators, and Government
  • raising awareness of cyber risks in the financial markets sector and highlighting good practices and areas for improvement
  • assessing the cyber resilience of regulated firms and measuring their progress against their targets
  • engaging with firms that are failing to improve their cyber resilience.

You can download the ASIC report here.