In its latest media release on November 13, 2023, ASIC is urging businesses to enhance their cybersecurity practices. The call follows ASIC’s comprehensive report, which highlights significant gaps in the cyber capabilities of businesses across Australia.
According to insights from ASIC’s voluntary cyber pulse survey, many businesses are reacting rather than proactively managing cybersecurity risks. ASIC Chair Joe Longo emphasised the need for all businesses to prioritise cybersecurity and resilience.
Key Findings Summary
- Survey participants who do not manage third-party or supply chain risk: 44%
- Survey participants who have limited or no capability to protect confidential information adequately: 58%
- Survey participants who do not have a cyber incident response plan: 33%
- Survey participants who have not adopted a cyber security standard: 20%
- Survey participants who do not patch applications: 41%
- Survey participants who have no or limited capability in using multifactor authentication: 33%
- Survey participants who do not have backups in place: 30%
The report revealed a concerning statistic: 44% of surveyed businesses are not adequately managing third-party or supply chain risks, potentially providing easy access for threat actors to exploit organisations’ systems and networks.
While larger businesses demonstrated mature cyber capabilities, smaller entities faced challenges in areas such as third-party risk management, data security, consequence management, and adherence to industry standards, mainly due to limited resources.
Longo stressed the importance of moving beyond security measures to focus on building resilience. He highlighted the need for regular testing of incident response plans and continuous reassessment of cybersecurity risks.
Longo concluded, “An effective cybersecurity strategy, coupled with a robust governance and risk framework, should enable businesses to identify, manage, and mitigate cyber risks within the risk tolerance levels set by leadership and boards.”
A positive note emerged from the survey, with 95% of participants opting to receive individual reports, showcasing a commitment to improving cyber resilience by benchmarking against peers.
National Cyber Security Coordinator, Air Marshal Darren Goldie AM CSC, welcomed the report’s results and acknowledged ASIC’s efforts in pinpointing key gaps in corporate Australia’s cyber resilience. He highlighted the importance of cybersecurity for individuals and businesses of all sizes, emphasising the support available through the National Office of Cyber Security, which collaborates closely with industry to promote awareness, best practices, and decision-making support in response to cyber incidents. Air Marshal Goldie also highlighted the upcoming 2023-2030 Australian Cyber Security Strategy as a crucial initiative to fortify the nation’s cyber defences and enhance resilience.