realestatebusiness logo

Subscribe to our newsletter

Australian financial market falls short in cyber security

ASIC has called for firms to persevere as data suggests cyber resilience improved roughly one-tenth of the intended target in two years.

New figures released by the Australian Securities & Investments Commission (ASIC) have suggested that Australian firms are struggling to become more cyber resilient, with the regulator stating that firms have improved by 1.4 per cent in two years.

This development, which was included in ASIC’s biannual cyber-resilience report, “Cyber resilience of firms in Australia’s financial markets: 2020–21”, is less than one-tenth of the intended growth target made in the previous report, published in 2019. 

The growth is also a stark contrast to the previous growth of 15 per cent in cyber resilience made between 2017 and 2019. 

However, ASIC has stated that this latest figure can be attributed to overly ambitious target, an escalation in the cyber-threat activity, and a change in priorities related to the COVID-19 pandemic – including the diversion of resources to enable secure remote working and maintaining operations as “supply chains become increasingly burdened and threatened by cyber activists”.


As per the report, this two-year period saw improvements in the management of digital assets (7.2 per cent), business environment (6 per cent), staff awareness and training (4.7 per cent) as well as protective security controls (4.5 per cent). 

It also saw the divide between small and medium-sized enterprises (SMEs) and larger firms shrink, with the former seeing an overall 6.4 per cent improvement under the National Institute of Standards in Technology (NIST) Cybersecurity Framework, a system allowing firms to assess their preparedness against cyber attacks via five functions – identify, protect, detect, respond and recover. 

SMEs reported overall increases of 12.4 per cent in “identify”, a 4.7 per cent growth in “protect”, a 1.5 per cent improvement in “detection” and a 3.7 per cent increase for “respond” compared to the previous report.  

However, 20 per cent of SMEs stated that their “recover” was either partial or risk-informed – the lowest and second-lowest rating out of the four-tier scale. 

By comparison, large firms over this period reported an overall drop of confidence in their cyber-resilience confidence of 2.2 per cent, with 3.4 per cent dip in “identify” and a decline of 6 per cent in “respond”. 

This two-year period also saw increases in partial and risk-informed scores in “protect” (now at 20.6 per cent), “detect” (now at 15.9 per cent of large firms) and “recover” (now at 10 per cent). 

However, while this increase is positive for SMEs, the assessment noted that 40 per cent of SMEs rated their supply chain risk management as either partial or risk-informed. 

Speaking of the results, ASIC commissioner Cathie Armour said that firms, both large and small, are continuing to “be resilient against a rapidly changing cyber threat environment”. 

“The COVID-19 pandemic has increased opportunities for threat actors to target remote workers, and access remote infrastructure and supply chains critical to the delivery of products and services,” she concluded.

“However, the response from firms has been robust.”

[Related: SMEs are top cyber-crime target: ACSC]

Australian financial market falls short in cyber security

Sam Nichols

Sam Nichols is a journalist at The Adviser and Mortgage Business. His reporting has featured in a range of outlets including ABC News, SBS' The Feed, and VICE.

Latest News

The brokerage has teamed with the fintech, for the launch of a new app that will let borrowers compare pricing and environmental impact acro...

The desire to secure a mortgage has collapsed across the country, according to a new analysis from Equifax. ...

The Reserve Bank will be closely watching how households respond to higher rates as it decides its next move, ANZ senior economists have sai...


Join Australia's most informed brokers

Do you know which lenders are providing brokers and their customers with the best service?

Use this monthly data to make informed decisions about which lenders to use. Simply contribute to the survey and we'll send you the results directly to your inbox - completely free!

What is the maximum proportion of income borrowers should use to service a mortgage?

Website Notifications

Get notifications in real-time for staying up to date with content that matters to you.