This article follows a session on this topic held at the ASIC Annual Forum (AAF), 3-4 November 2022.

The session was moderated by ASIC Senior Executive Leader for Corporations Rachel Howitt.


  • Dr Derek Bopping, First Assistant Director General, Cyber Engagement and Strategy Division, Australian Cyber Security Centre
  • Lynwen Connick, Chief Information Security Officer, Australian New Zealand Banking Group Limited
  • Cameron Whittfield, Partner, Herbert Smith Freehills

Key points


Top Australian Brokers

  • This AAF session explored trends in global cybersecurity, examined bad cyber actors, and the preparedness of Australian firms in light of recent cyber incidents.
  • ASIC is focused on increasing awareness and driving behavioural change in our regulated entities to strengthen their cyber resilience, through measures such as risk management frameworks, and the implementation of controls to protect key assets.
  • Entities must allocate sufficient resources to address cyber risk. Where we consider that a firm has not met its obligations, we will take action to drive behaviour change.

The pace of technological change in the financial system and for small businesses is growing exponentially. Disruptive cyber-attacks are becoming more frequent and complex. 

ASIC’s Senior Executive Leader for Corporations, Rachel Howitt, joined a panel of regulatory and legal experts to discuss ASIC’s work on cyber resilience in financial services and markets.

ASIC’s focus on cyber resilience

Strengthening the cyber and operational resilience of Australian financial services firms and markets is a key priority for ASIC. ASIC remains focused on market integrity, innovation, and consumer protection.

We undertake proactive supervisory actions to encourage active management of cyber and operational risks and continuous improvement of resilience practices.

Where ASIC identifies egregious failures which result in consumer harm we may take enforcement action, which can result in significant penalties.

ASIC engages with the Department of Home Affairs to support the Australian Government’s cyber security response. As part of the Council of Financial Regulators, we’re working to drive better information sharing and greater collaboration to enhance the cyber and operational resilience of the financial system and markets.

How firms can strengthen cyber resilience

ASIC expects financial services firms and markets to ensure their risk management frameworks adequately address cybersecurity risk, and that controls are implemented to protect key assets and enhance cyber resilience. 

Measures taken should be proportionate to the nature, scale and complexity of the organisation, and the criticality and sensitivity of the key assets held. This includes reassessment of cybersecurity risks on an ongoing basis, based on threat intelligence and vulnerability identification, and oversight of cybersecurity risk throughout the digital supply chain.

ASIC is Australia’s corporate, markets and financial services regulator.