Concerns that most don’t manage supply chain or third party risks
ASIC’s recent ” Spotlight on cyber: Findings and insights from the cyber pulse survey 2023 report” reveals significant shortcomings in the cybersecurity practices of organisations under its regulation. The findings show that 58% of these entities lack the digital capabilities to effectively protect confidential information.
The report covers various financial sectors, including insurance, payments, credit, deposit-taking, superannuation, market infrastructure, investment management and market intermediaries
Key concerns highlighted in the report include:
- Third-Party and Supply Chain Risks: 44% of organisations do not manage third-party or supply chain risks, with 69% having minimal to no capability to handle these risks.
- Vulnerability Scans: Nearly one-third of participants fail to conduct vulnerability scans of assets, indicating limited capabilities in monitoring unauthorised connections, devices, and software.
- Incident Response and Investigation: Almost one-fifth of businesses do not investigate cybersecurity incidents, and 13% do not try to understand the root cause.
- Proactive Response Plans: 33% of organisations lack a proactive cybersecurity response plan, and 35% do not test their existing plans.
ASIC Chair Joe Longo emphasises the need for organisations to prioritise cybersecurity and resilience. He underscores the importance of going beyond security, advocating for regular testing of plans and continuous reassessment of cybersecurity risks.
This report follows ASIC’s ongoing commitment to cybersecurity, as seen in their June report expressing concerns about the scalability and flexibility of the registry system behind the Australian Securities Exchange (ASX), CHESS. Despite plans to support the current system until 2032, ASIC emphasises the necessity for a more modern architecture to address evolving cybersecurity challenges.
Com-X partner closely with MyCISO to support our customers on assessment against Cyber Security Frameworks, Supply Chain Risk and internal team Culture. All coupled with Consultant Grade reporting, giving guidance and direction on actions and where Com-X can assist your team to meet expected standards.
Contact Com-X today if you wish to understand how we can support your organisations preparedness.
Joe Longo – ASIC Chairman
Posted by Nick Cross – Com-X General Manager – Sales and Marketing