ASIC calls for greater organisational vigilance to combat cyber threats
ASIC has urged organisations to prioritise their cyber security after its report into the cyber capability of corporate Australia identified significant gaps.
The report, called ‘Report 776 Spotlight on cyber: Findings and insights from the cyber pulse survey 2023’, highlighted the results of ASIC’s recent cyber pulse survey. The results of the voluntary self-assessment survey have exposed deficiencies in cyber security risk management of critical cyber capabilities, indicating that organisations are reactive rather than proactive when it comes to managing their cyber security.
ASIC Chair Joe Longo said, “For all organisations, cyber security and cyber resilience must be a top priority. ASIC expects this to include oversight of cyber security risk throughout the organisation’s supply chain – it was alarming that 44% of participants are not managing third-party or supply chain risks. Third-party relationships provide threat actors with easy access to an organisation’s systems and networks.”
Encouragingly, participating organisations indicated well-developed capabilities in identity and access management, governance and risk management, and information asset management, with large organisations consistently self-reporting more mature cyber capabilities.
Due to competing demands for limited human and financial resources, small organisations lagged behind larger entities in third-party risk management, data security, consequence management, and adoption of industry standards.
“There is a need to go beyond security alone and build up resilience – meaning the ability to respond to and recover from an incident. It’s not enough to have plans in place. They must be tested regularly – alongside ongoing reassessment of cyber security risks.
“An effective cyber security strategy, and governance and risk framework, should help identify, manage, and mitigate cyber risks to a level that is within the risk tolerance of senior leadership and boards,” concluded Mr Longo.
The National Cyber Security Coordinator, Air Marshal Darren Goldie AM CSC, welcomed the results of the report and acknowledged ASIC’s work to map out key gaps in corporate Australia’s cyber resilience.
“Cyber security must be a priority for us all, including individuals and businesses large and small. Support is available – the National Office of Cyber Security works closely with industry, to promote awareness and best practice, and support decision-making in response to cyber incidents. The 2023-2030 Australian Cyber Security Strategy will enable Australia to build and strengthen its cyber shields and develop our resilience to bounce back quickly,” said Air Marshal Goldie.
Key highlights from the report include:
44% of participants do not manage third-party or supply chain risk
58% of participants have limited or no capability to protect confidential information adequately
33% of participants do not have a cyber incident response plan
20% of participants have not adopted a cyber security standard.
You can read the findings from the full report at ASIC’s website.