ASIC cyber resilience survey shows improvements are needed around incident response management

Maria Nikolova

Incident response management remains a problematic area for large firms and SMEs in Australia’s financial markets, according to a new survey.

How secure is your brokerage against cyber attacks?

Although many Australian financial services firms have managed to markedly bolster their cyber resilience, much remains to be done in areas such as incident response, according to the results of a survey published today by the Australian Securities and Investments Commission (ASIC).

Over the past 24 months, 101 firms across the financial markets sector completed a self-assessment survey on their cyber resilience. Survey participants were made up of a cross-section of businesses in Australia’s financial markets, including stockbrokers, investment banks, market licensees, post- trade infrastructure providers and credit ratings agencies.

The Cyber resilience scale against which the survey participants assessed themselves included several categories:

  • Partial: Policies are non-existent or not formalised. Responses are ad hoc and sometimes reactive;
  • Risk-informed: Policies are rarely updated and are not followed consistently;
  • Repeatable: Policies are formally approved and regularly updated. Measures are in place to ensure they are followed;
  • Adaptive: Policies are continually evolving based on changes to cyber security.

SMEs

ASIC notes that effective information risk management requires formal governance, policies and procedures. SMEs have found information risk management challenging with almost half reporting that they are currently at ‘partial’ or ‘risk-informed’ maturity. On the other hand, user access management is the strongest area for SMEs with 83% reporting current maturity as “repeatable” or “adaptive”.

Monitoring and detection are problematic as 40% of SMEs reported shortcomings in these areas.

Significant improvements are needed around incident response management, ASIC notes, as more than 40% of firms are currently at ‘partial’ or ‘risk-informed’ maturity. The common theme is a lack of formalised processes. SMEs acknowledge the importance of this area and are targeting a 35% improvement, which would leave less than 10% as ‘partial’ or ‘risk- informed’.

Large firms

All large firms understand their regulatory cyber security obligations and have information and cyber security policies in place which are communicated across the organisation and regularly reviewed and updated. The survey shows that 41% of firms indicated that a proper understanding of information flows across the organisation was a work in progress, however, 45% are still grappling with their understanding of externally managed systems and data. All firms indicated that these were priority areas for the next investment period.

User access control is well managed by large firms. For instance, user access to systems and data is permissions-based and physical access to assets is controlled.

Monitoring of unauthorised mobile software is still an issue despite efforts to reduce risks.

Data protection is enhanced, as there has been a shift in the way data protection technology is being applied. For example, there is growing use of data encryption for data that is stored and transmitted over networks. Of the total of large firms that took part in the survey, 62% indicated that they intend to improve their data protection arrangements in the next 12–18 months.

The problems with incident response management, however, are acute for large firms too. ASIC notes that substantial improvements are required around incident response management for these entities also. More than 40% of large firms are currently at ‘partial’ or ‘risk- informed’ maturity.

Read this next

Digital Assets

BlockDAG Presale Raises $9.9M as Batch 5 Nears Sell-Out Amid Bonk’s Fluctuating Trading Volume & Spell’s Bullish Price

Explore BONK’s trading volume, SPELL’s market shifts, and why BlockDAG’s 10,000 ROI makes it an ideal crypto for savvy investors in 2024.

Digital Assets

Bybit expands into Europe amid regulatory scrutiny

Dubai-based cryptocurrency exchange Bybit is expanding its operations in Europe after encountering regulatory challenges in Hong Kong.

Digital Assets

Cathie Wood’s sponsored Bitcoin ETF sees historic $200 million inflows

The ARK 21Shares Bitcoin ETF (ARKB), co-sponsored by Cathie Wood’s ARK Invest, registered historic inflows exceeding $200 million on Wednesday, signaling a robust appetite among investors for Bitcoin-centric investments.

Digital Assets

Sam Bankman-Fried might see his 25-year sentence halved

Sam Bankman-Fried, the founder of the failed cryptocurrency exchange FTX, was sentenced to 25 years in federal prison by a Manhattan court on Thursday. This comes after he was convicted of defrauding customers and investors, with Judge Lewis Kaplan highlighting the potential future risks posed by Bankman-Fried.

Technical Analysis

EURJPY Technical Analysis Report 28 March, 2024

EURJPY currency pair under the bearish pressure after the pair reversed down from the major resistance level 164.25, which also stopped the sharp weekly uptrend at the end of last year,

Digital Assets

BlockDAG’s Presale Hits $9.9M, MultiversX & MINA Price Predictions Show Green

Read about BlockDAG’s promising $10 prediction and insights on MultiversX Price Prediction as MINA’s potential unfolds.

Digital Assets

Rockstar Co-Founder and All-star Line Up Join Advisory Board to Take Metacade into Post Beta Orbit

Metacade, the revolutionary Web3 gaming platform, prepares to streak out of beta with a slew of ground-breaking initiatives that will redefine the way blockchain games are developed.

Retail FX

Prop firm The Funded Trader shuts down, claims relaunch in April

Prop trading firm The Funded Trader has ceased all operations, with claims for a relaunch in the near future.

Digital Assets

Ethereum-Based Tokenized Real Estate Platform USP Launches On Republic

How This Californian Startup Is Revolutionizing Real Estate Investment through Ethereum-Based Tokenization.

<