ASIC has issued a call for greater organisational vigilance in a bid to address significant gaps in Australia’s corporate cyber capabilities, following the release of a comprehensive report that sheds light on the state of cybersecurity within corporate Australia.
The ASIC report, Spotlight on cyber: findings and insights from the cyber pulse survey 2023, has exposed deficiencies in cybersecurity risk management of critical cyber capabilities, suggesting that organisations are taking a reactive rather than a proactive approach in managing their cyber security.
ASIC Chair Joe Longo (pictured above) said that cybersecurity and cyber resilience should be a top priority for all organisations.
“ASIC expects this to include oversight of cyber security risk throughout the organisation’s supply chain – it was alarming that 44% of participants are not managing third-party or supply chain risks,” Longo said in a media release.
“Third-party relationships provide threat actors with easy access to an organisation’s systems and networks.”
Small organisations, in particular, lagged behind in third-party risk management, data security, consequence management, and the adoption of industry standards, the voluntary self-assessment survey revealed, which ASIC said was due to competing demands for limited human and financial resources.
Despite the challenges, the survey showed well-developed capabilities in identity and access management, governance and risk management, and information asset management, with larger entities consistently reporting more mature cyber capabilities than their smaller counterparts.
ASIC emphasised the need to go beyond security and build resilience.
“There is a need to go beyond security alone and build up resilience – meaning the ability to respond to and recover from an incident,” Longo said. “It’s not enough to have plans in place. They must be tested regularly – alongside ongoing reassessment of cybersecurity risks.
“An effective cyber security strategy and governance and risk framework should help identify, manage, and mitigate cyber risks to a level that is within the risk tolerance of senior leadership and boards.”
The corporate watchdog noted that 95% of survey participants chose to receive an individual report detailing their cyber resilience in comparison to their peers, demonstrating a commitment to improving their organisation’s cyber resilience.
Darren Goldie, national cybersecurity coordinator, welcomed the report findings, acknowledging ASIC's efforts to identify key gaps in Australia's corporate cyber resilience.
“Cybersecurity must be a priority for us all, including individuals and businesses large and small,” Goldie said.
“Support is available – the National Office of Cyber Security works closely with industry, to promote awareness and best practice, and support decision-making in response to cyber incidents. The 2023-2030 Australian Cyber Security Strategy will enable Australia to build and strengthen its cyber shields and develop our resilience to bounce back quickly.”
Download and read Spotlight on cyber: Findings and insights from the cyber pulse survey 2023.
Get the hottest and freshest mortgage news delivered right into your inbox. Subscribe now to our FREE daily newsletter.