Cyber security risk in the financial services industry is profound and growing rapidly as all forms of finance move online. Recent high profile hacks and attacks exposing private information have dominated the news all too frequently. The Australian Securities and Investment Commission (ASIC) has just published a report assessing the resilience of Aussie financial service firms. The Report, labeled 555, is designed to raise awareness and highlight best practices. There is also a need to assess cyber preparedness for financial firms.
Survey participants included stockbrokers, investment banks, market licensees, post – trade infrastructure providers and credit ratings agencies. Twenty nine large firms provided feedback and seventy two SMEs answered questions. Almost 40% of SMEs reported shortcomings in monitoring and detection practices.
ASIC says the key insights from the assessments include:
- There is a growing understanding that cyber risk is a strategic, enterprise-wide issue that is on all organisations’ radars and is attracting increasing investment.
- The disparity between large firms and small-and-medium firms is reflective of their investment in cyber security, the period of time cyber security has been an investment priority, and the ability to acquire highly specialised skills.
- Larger firms have demonstrated a relatively high degree of cyber resilience.
- Small-and-medium firms are working towards developing their cyber resilience by investing in cyber security, but there is a long way to go.
The report in itself is not conclusive and is described as a snapshot of the current ecosystem. The findings are more indicative of a pressing need to improve cyber protection on multiple levels. ASIC states “the results of these self-assessment surveys show that while firms are getting better at managing cyber risk, there’s still work to do.”
ASIC said will continue to monitor and assess the situation over time. They also indicated their intent to collaborate with regulated firms as well as other regulators.