This article follows a session on this topic held at the ASIC Annual Forum (AAF), 3-4 November 2022.
The session was moderated by ASIC Senior Executive Leader for Corporations Rachel Howitt.
Panel:
- Dr Derek Bopping, First Assistant Director General, Cyber Engagement and Strategy Division, Australian Cyber Security Centre
- Lynwen Connick, Chief Information Security Officer, Australian New Zealand Banking Group Limited
- Cameron Whittfield, Partner, Herbert Smith Freehills
Key points
- This AAF session explored trends in global cybersecurity, and examined bad cyber actors and the preparedness of Australian firms in light of recent cyber incidents.
- ASIC is focused on increasing awareness and driving behavioural change in our regulated entities to strengthen their cyber resilience, through measures such as risk management frameworks, and the implementation of controls to protect key assets.
- Entities must allocate sufficient resources to address cyber risk. Where we consider that a firm has not met its obligations, we will take action to drive behaviour change.
The pace of technological change in the financial system and for small businesses is growing exponentially. Disruptive cyber-attacks are becoming more frequent and complex.
ASIC’s Senior Executive Leader for Corporations, Rachel Howitt, joined a panel of regulatory and legal experts to discuss ASIC’s work on cyber resilience in financial services and markets.
ASIC’s focus on cyber resilience
Strengthening the cyber and operational resilience of Australian financial services firms and markets is a key priority for ASIC. ASIC remains focused on market integrity, innovation, and consumer protection.
We undertake proactive supervisory actions to encourage active management of cyber and operational risks and continuous improvement of resilience practices.
Where ASIC identifies egregious failures which result in consumer harm, we may take enforcement action, which can result in significant penalties.
ASIC engages with the Department of Home Affairs to support the Australian Government’s cyber security response. As part of the Council of Financial Regulators, we’re working to drive better information sharing and greater collaboration to enhance the cyber and operational resilience of the financial system and markets.
How firms can strengthen cyber resilience
ASIC expects financial services firms and markets to ensure their risk management frameworks adequately address cybersecurity risk, and that controls are implemented to protect key assets and enhance cyber resilience.
Measures taken should be proportionate to the nature, scale and complexity of the organisation, and the criticality and sensitivity of the key assets held. This includes reassessment of cybersecurity risks on an ongoing basis, based on threat intelligence and vulnerability identification, and oversight of cybersecurity risk throughout the digital supply chain.
ASIC is Australia’s corporate, markets and financial services regulator.