Powered by MOMENTUM MEDIA
Broker Daily logo

ASIC ramps up work on cyber activity

ASIC ramps up work on cyber activity
expand image

The corporate regulator has escalated its work in monitoring cyber activity and attacks amid the rise in both cyber activity and rapid digitisation over the COVID-19 period, it said.

Australian Securities and Investments Commission (ASIC) commissioner Cathie Armour told the House of Representatives standing committee on economics that ASIC “actively” monitors market infrastructure and market participants on their cyber resilience as part of its work with the Australian Prudential Regulation Authority (APRA).

Ms Armour added that the two regulators are working together to share information and intelligence on how the larger institutions which they both regulate are dealing with cyber risk.

“We consider cyber risk, the need to address and build the program for cyber resilience to be part of a licensed entity’s obligations to have in place adequate risk management procedures, practices and technologies sufficient to do their job, that is to provide financial services efficiently, honestly and fairly,” Ms Armour said.

==
==

As such, Ms Armour said that ASIC has escalated its work in cyber activity amid the rapid digitisation over the COVID-19 crisis period.

She added that ASIC has commenced moving from the education, monitoring and supervision stage into the enforcement stage.

“We’ve brought civil proceedings against a financial firm for what we say we’re alleging is failure to have sufficient practices in place to deal with cyber resilience,” she said.

“We do understand that in this world, it’s likely that firms will face some intrusions into their systems. What we expect is that the firms have in place plans to deal with those intrusions.”

Commissioner Sean Hughes also addressed the committee on the issue of cyber activity, stating that ASIC is conducting conversations not only around the impact of cyber attacks on financial institutions but also their customers, particularly small business and retail customers.

“We’ve been encouraging them to also think about what they can do to support customers who may be at far less sophisticated capability and to assist them to avoid exposure to cyber risks,” Mr Hughes told the committee.

“One of the things that I know all of my colleagues are very keen to do is to ensure that we work collaboratively with all of our brethren across the public sector who have an interest in this, so it’s not discordant voices or ambiguity around what the expectations regulators and policymakers have of the financial institutions.”

In December 2020, the Council of Financial Regulator (CFR) launched a Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework to test and demonstrate the cyber maturity and resilience of institutions within the Australian financial services industry.

CORIE is a pilot program of exercises that will use intelligence gathered on adversaries to mimic the way they operate. At the end of the program, a report detailing industry-wide trends around cyber resilience will be presented to the CFR and highlight any systemic weaknesses that may pose a risk to the integrity of financial markets and system.

[Related: Major cyber breach in finance inevitable: APRA]

More on Regulation
18 November 2024
NAB has been targeted by ASIC after allegedly failing to support customers when applying for hardship support.
15 November 2024
The government has announced a fund aimed at boosting productivity across the country, including in housing construction ...
14 November 2024
The resetting of the Consumer Data Right (CDR) has begun, with changes coming into effect this week.