ASIC has named improved cyber resilience as an area of focus in its most recent Corporate Plan. The Plan sets out key action items for ASIC from 2015 to 2019.
ASIC identified marked increases in the volume, sophistication and complexity of cyber attacks as driving the focus on cyber resilience (a trend which is only expected to accelerate in the future). The regulatory body considers cyber attacks to be a systemic risk that could potentially impact trust and confidence in the financial system and market integrity.
Under the Plan, ASIC will focus in 2015-2016 on:
- improving awareness of cyber resilience, and increasing the profile of the issues;
- incorporating cyber resilience into surveillance, particularly for those that provide critical services;
- coordinating and engaging with other Government departments to identify cyber risks and build cyber resilience; and
- continuing to monitor market developments (as to cyber attacks and cyber resilience measures).
Looking towards 2019, ASIC intends (among other things) to promote cyber resilience and identify potential cyber attacks in markets through real-time market monitoring, ensuring compliance with licensing obligations and taking enforcement or other regulatory action where necessary.
The focus by ASIC on cyber resilience (particularly improving cyber awareness) is a welcome addition to its Corporate Plan and is a good start towards addressing the increased cyber risks we have identified and reported on previously.
It is also in line with the anticipated introduction of mandatory breach requirements in the near future.