ASIC’s Cyber Pulse Survey leads insights into Australia’s cyber security strategy

ASIC-regulated entities, including publicly listed companies and other entities holding licences and authorisations have been invited to take part in a Cyber Pulse Survey (CPS) to measure cyber resilience in Australia’s corporate and financial markets.

ASIC has said that the survey will be one of the largest ever conducted into Australia’s cyber resilience. The survey will measure companies’ current cyber security and controls, governance arrangements, and incident preparedness in the event of an attack.

It will help companies assess their ability to:
  • Govern and manage organisational-wide cyber risks.

  • Identify and protect information assets that support critical business services.

  • Detect, respond to and recover from cyber security incidents.

ASICs focus on cyber security as part of a licensee’s statutory risk management obligations was exemplified in the well publicised RI Advice case last year. See our article on this topic here.

Increased susceptibility to cyber attacks

ASIC has outlined that Australian businesses are highly susceptible to potential attacks, with cybercrime increasing by 13 per cent between the 2020-21 and 2021-22 financial years. The ACSC reported that medium sized businesses (20-199 employees) had the highest average financial loss per cybercrime report.[1]

The CPS contributes to the 2023-2030 Cyber Security Strategy which was announced in 2022 by the Federal Government. This long-term strategy focuses on key initiatives such as increasing collaboration between private industry and the government to further strengthen cyber-security mechanisms and improving cyber awareness.

Australia is currently listed as the fifth most comprehensive cyber power[2], which is positive news, although there is still room to improve our cyber-security capabilities, especially after recent high-profile cyber breaches such as those against Medibank, Optus and HWL Ebsworth.

The CPS serves as a timely reminder that now, more than ever, businesses should have strategies in place to mitigate the threat of cyber-attacks.

Takeaway

We keenly await the outcome of ASICs Cyber Pulse Survey in late 2023 which will inform the market on insights into different sectors, areas for improvement and better practices. The CPS will also inform the Australian Cyber Security Centre on these issues and enable the provision of targeted advice and assistance to the financial sector in order to uplift its cyber resilience and preparedness whilst ensuring compliance with regulatory and statutory obligations.

[1] https://www.cyber.gov.au/about-us/reports-and-statistics/acsc-annual-cyber-threat-report-july-2021-june-2022#:~:text=Frequency%20of%20cybercrime%20reports,8%20minutes%20in%202020%E2%80%9321.

[2] https://www.belfercenter.org/publication/national-cyber-power-index-2022

Stay informed with our latest articles

* indicates required