Following a targeted survey at the end of 2016, the Australian Securities Exchange (ASX) has launched its first Cyber Health Check Report, assessing the awareness of and preparation of the ASX Top 100 to confront cyber risks.  From the responses, cyber risk issues are a significant strategic business risk for boards, with the majority of companies engaging in regular vulnerability assessments, cyber strategy development and incident reporting.

Importantly, for fintech businesses engaging with large corporates, a key shortcoming for large companies was the lack of knowledge held in relation to their dealings with third parties, including that:

  • 30% of respondents haven’t yet evaluated the cyber resilience of suppliers, customers and other key external parties that connect to them; and
  • 32% had only a limited understanding at board level of the extent of information shared with third parties.

Ensuring that third parties are also cyber resilient will likely be a key concern of large corporates in the future.  The report identified other areas for improvement for the top 100 companies, with the key opportunities for service providers broadly covering improving quality of cyber risk reporting, creating a set of standard cyber security metrics, understanding key controls in a company’s cyber resilience framework and implementing a plan to notify affected individuals if there is a privacy breach of their personal information likely to result in serious harm.