Australian regulator ASIC has issued a stark warning to organisations to ramp up their cyber security measures.
The warning follows its latest report, which draws on the findings of the cyber pulse survey and highlights significant deficiencies in how corporate entities in Australia manage cyber risks. The survey, a voluntary self-assessment, revealed a reactive rather than a proactive approach to cyber security across the board.
According to ASIC Chair Joe Longo, the survey’s results are a cause for concern. “For all organisations, cyber security and cyber resilience must be a top priority. ASIC expects this to include oversight of cyber security risk throughout the organisation’s supply chain – it was alarming that 44% of participants are not managing third-party or supply chain risks. Third-party relationships provide threat actors with easy access to an organisation’s systems and networks,” he stated.
Despite these shortcomings, the report did highlight some positives. Many participating organisations demonstrated well-developed capabilities in identity and access management, governance and risk management, and information asset management. Larger organisations generally reported more mature cyber capabilities.
However, smaller organisations are struggling, particularly in areas like third-party risk management, data security, consequence management, and adoption of industry standards. Longo emphasised the need for resilience, not just security. “There is a need to go beyond security alone and build up resilience – meaning the ability to respond to and recover from an incident. It’s not enough to have plans in place. They must be tested regularly – alongside ongoing reassessment of cyber security risks.”
95% of participants opted to receive an individual report, reflecting a commitment to enhancing cyber resilience. The National Cyber Security Coordinator, Air Marshal Darren Goldie AM CSC, also acknowledged the importance of the findings. He stressed that cyber security is a priority for everyone and highlighted the support available through the National Office of Cyber Security and the forthcoming 2023-2030 Australian Cyber Security Strategy.
Copyright © 2023 RegTech Analyst