ASIC flags sluggish cyber resilience improvement among financial firms

Resiliency increased by just 1.4 per cent, as opposed to the goal of 14.9 per cent.

Financial firms operating in Australia have missed the mark in improving their response against cyber threats over the last two years, Australia’s corporate watchdog has claimed.

According to the Australian Securities and Investments Commission’s (ASIC) report, Cyber resilience of firms in Australia’s financial markets: 2020–21, financial firms improved their cyber resilience by just 1.4 per cent overall, well short of the intended goal of 14.9 per cent for the last 24 months.

The shortfall was determined by self-assessment; ASIC asked participants to judge their progress towards reaching cyber resilience targets they set themselves during 2020 to 2021.

This was then compared to responses collected previously by ASIC for 2016-2017 and 2018-2019. As a point of comparison, cyber security resiliency improved by 15 per cent between those two sets of responses, as per 2019's report.

The corporate regulator claimed the missed mark was a result of overly ambitious targets, an escalation in the current cyber threat environment and the COVID-19 pandemic causing disruptions.

This caused organisations to reassess their 2019 targets and introduce secure remote working en masse, as well as work towards reinforcing product and services delivery against cyber threats.

This dynamic potentially provides managed security service providers (MSSPs) with an opportunity to help these firms, assuming they can meet their security requirements; the report found good practices by firms included treating critical suppliers with the same level of scrutiny as internal threats.

"These suppliers are incorporated into risk governance frameworks and standards — and are monitored based on their risk profile and ability to affect the firm’s service delivery," the report said.

Regardless of the low cyber security resilience growth, ASIC Commissioner Cathie Armour was optimistic about how firms reacted over the last two years.

“Firms operating in Australia’s markets continue to be resilient against a rapidly changing cyber threat environment,” she said.

“The COVID-19 pandemic has increased opportunities for threat actors to target remote workers, and access remote infrastructure and supply chains critical to the delivery of products and services. However, the response from firms has been robust.”

