ASIC has released its first assessment report on the cyber resilience of ASX and Chi-X. In addition, we have taken this opportunity to highlight emerging good practices being implemented by a wider sample of organisations within the financial sector.
The report concludes that ASX and Chi-X have, up to this point in time, met their statutory obligations to have sufficient resources for the management of cyber resilience.
Cyber resilience is now widely regarded as one of the most significant concerns for the financial services industry and the economy at large. The cyber resilience of our regulated population is, therefore, a key focus for ASIC. Given the central role that financial market infrastructure providers play in our economy, their cyber resilience is of particular importance.
ASIC Commissioner Cathie Armour said ‘because of the dynamic nature of the cyber threat landscape, a comprehensive and long-term commitment to cyber resilience is essential to assist all organisations and the Australian economy to manage this threat’.
ASIC encourages all financial services providers to consider and discuss the information in this report as they develop or enhance their cyber resilience frameworks. We also strongly encourage organisations to share threat intelligence and collaborate with industry peers to improve cyber resilience practices across the financial services industry.
To assist, ASIC has included in this report aggregated data from self-assessments undertaken by a sample of other important financial organisations. This provides a point-in-time snapshot of the current state of cyber resilience of this wider group. In general, we identified some consistent and encouraging practices in the organisations we assessed; however, a consistent industry-wide approach is required to address developing cyber threats. We will continue to work with government and other regulators to support industry to achieve this.
The report calls on the wider financial services sector to recognise the growing threat to cyber security, and to refine systems and processes to prevent and address critical issues.
Key areas identified in the report for organisations to focus on include comprehensive and ongoing board engagement and responsive governance practices that are clearly aligned with an organisation's wider strategy.
The report calls for senior management of organisations to closely manage cyber risk from both internal and third-party sources, establish robust collaboration and information-sharing networks to access the best defensive intelligence and technology, and implement thorough cyber awareness training programs.
Background
In March 2015, ASIC released Cyber resilience: Health check (REP 429) to highlight the escalating threat of cyber incidents against financial services providers in Australia, and to increase awareness of cybersecurity.
Under the Corporations Act 2001, ASIC may assess how well a licensed financial market infrastructure provider is complying with any or all of its obligations. Where this previously involved an annual assessment of a wide set of prescribed obligations, ASIC can now more effectively target specific high-risk areas such as cyber security – reducing unnecessary regulatory burden on the financial market infrastructure providers being assessed.
In carrying out the assessments ASIC applied the US National Institute of Standards and Technology (PDF 930KB).