The ASIC, or the Australian Securities and Investments Commission, has managed to improve their financial market due to the new campaign of awareness and management of cyber-security risk. However, they believe that there is still space for enhancement in the entire industry.

The Self-Assessment Surveys and Report 651 from ASIC

The new report from the ASIC was resulted from a compilation of trends from self-assessment surveys that were done by financial markets companies. Report 651 from the ASIC is known as “Cyber resilience of firms in Australia’s financial markets: 2018–19”. It is considered an updated version of report 555 of 2017, known as “Cyber resilience of firms in Australia’s financial markets.”

During the 2017 and 2018 period, the ASIC has requested participants in the financial markets industry to define the parameters of their cyber resilience against that of the standard framework of the “National Institute of Standards in Technology (NIST) Cyber-security.” The NIST standard framework permits financial companies to define the cyber resilience in five objectives: detect, identify, distinguish, respond, and recover. The NIST standard framework uses a scale of where they are currently positioned, and where they plan to be in twelve to eighteen months.

“The cyber resilience of firms operating in Australia’s markets has improved since Report 555, with an average increase of 15% across all cyber resilience functions between cycle one and two,” ASIC reported.

“Organisations are alert to cyber-security threats to their business and have focused their resources and efforts on improving their cyber-security governance, risk management, and response and recovery capabilities.”

What’s Next For Cyber-Security Risks?

The ASIC stated that despite the resilience that took place in cyber-security among firms has improved; there are still many financial companies who are having a hard time meeting the targets that they set in the first cycle. This shows that there are several concerns regarding the issue such as: over-ambitious objectives, a constant change in the environment of the financial industry, restricted capacity of organization, and limited exposure to specific skills and resources.

According to report 651, cyber-security governance, risk strategies, and management have upgraded in big firms, with ninety percent flagged as adaptive and repetitive. Asset control and risk management in supply chains have been analyzed as the two most neglected areas of improvement by various financial firms.

“Many have invested in security operation centres that have skilled teams proactively monitoring threats against their organisations,” ASIC reported. Many financial firms have decided to invest in outsourcing security firms to be able to have an active team that detects any threats to the firm.