ASIC says financial market cyber resiliency remained steady but fell short of target

Firms in Australia’s financial market have continued to be resilient against cyber threats, with improvement rates in cyber resiliency remaining steady, the Australian Securities and Investment Commission (ASIC) reported on Monday.

This finding was published in the corporate regulator’s latest report [PDF], which compiled trends from self-assessment surveys completed by financial markets firms. The report, titled Cyber resilience of firms in Australia’s financial markets: 2020–21, is an update to a similar cyber resilience report published by ASIC two years ago.

In both 2020 and 2021, ASIC asked participants to reassess their cyber resilience against the National Institute of Standards in Technology (NIST) Cybersecurity Framework. The NIST Framework allows firms to assess cyber resilience against five functions: Identify, protect, detect, respond, and recover, using a maturity scale of where they are now and where they intend to be in 12-18 months.

In the new report, ASIC identified that cyber resiliency among firms operating within Australia’s financial market increased by 1.4% overall, but this fell short of the 14.9% improvement targeted for the period. It was also lower than the 15% improvement that was achieved between 2017 and 2019.

ASIC attributed the shortfall to a combination of reasons including overly ambitious targets, a rise in

Read More: