The Australian Securities and Investments Commission (ASIC) has issued a stark warning to organisations to bolster cyber security measures in the wake of its recent cyber pulse survey which identified significant gaps in the cyber capabilities of corporate Australia.
The survey results paint a concerning picture of cyber security risk management, revealing that many organisations adopt a reactive, rather than a proactive, stance in addressing their cyber vulnerabilities.
However, the survey was not without its positive findings. It showed that participating organisations exhibited well-developed capabilities in areas such as identity and access management, governance, risk management and information asset management.
This was particularly true for larger organisations, which consistently reported more mature cyber capabilities.
Conversely, smaller organisations were found to be trailing in several key areas, including third-party risk management, data security, consequence management and the adoption of industry standards.
We are calling on organisations to prioritise their #cyber security after our report into the cyber capability of corporate Australia identified significant gaps https://t.co/GsB9lS6SDw— ASIC Media (@asicmedia) November 12, 2023
"A top priority"
ASIC chair Joe Longo, in his statement, underscored the urgency and importance of this issue.
"For all organisations, cyber security and cyber resilience must be a top priority.
ASIC expects this to include oversight of cyber security risk throughout the organisation’s supply chain – it was alarming that 44% of participants are not managing third-party or supply chain risks.
Third-party relationships provide threat actors with easy access to an organisation’s systems and networks," Longo said.
Longo stressed the need for organisations to not only focus on security measures but also to develop robust resilience strategies.
"There is a need to go beyond security alone and build up resilience – meaning the ability to respond to and recover from an incident. It’s not enough to have plans in place. They must be tested regularly – alongside ongoing reassessment of cyber security risks," Longo remarked.
The commitment to improving cyber resilience was evident, with 95% of survey participants opting to receive an individual report to benchmark their cyber resilience against their peers.
Critical gaps in cyber resilience
The National Cyber Security Coordinator, Air Marshal Darren Goldie AM CSC, also weighed in, welcoming the insights provided by the report and acknowledging ASIC's role in highlighting the critical gaps in cyber resilience within corporate Australia.
"Cyber security must be a priority for us all, including individuals and businesses large and small.
Support is available – the National Office of Cyber Security works closely with industry, to promote awareness and best practice, and support decision-making in response to cyber incidents.
The 2023-2030 Australian cyber security strategy will enable Australia to build and strengthen its cyber shields and develop our resilience to bounce back quickly," Air Marshal Goldie said.
This call for enhanced vigilance and proactive measures in cyber security by ASIC serves as a crucial reminder of the ever-evolving nature of cyber threats and the need for continuous improvement in cyber resilience across all sectors.