Australian Securities and Investments Commission (ASIC) chairman Joe Longo has called on Australian businesses to fix “alarming” cybersecurity gaps, following a new report from ASIC which revealed a reactive rather than proactive approach, as well as failures to protect confidential data and manage supply chain risks.
The report follows the recent Cyber Pulse Survey, which was developed to better understand the cyber maturity of regulated organisations in an ongoing heightened threat environment, and which exposed gaps in cyber security risk management of critical cyber capabilities.
The top cyber security threats were identified as phishing (26%) followed by ransomware (17%) and business email compromise (13%).
Overall, the report discovered that organisations are doing well in identity and access management, governance and risk management, and information asset management.
Of the 697 voluntary respondents, medium and large organisations consistently self-reported more mature cyber capabilities than small organisations, which are falling behind in supply chain risk management, data security and consequence management.
These make up the top four areas for improvement alongside adoption of cyber security standards.
The survey also discovered that 44% do not manage third-party or supply chain risk, 58% have limited or no capability to protect confidential information adequately, 33% do not have a cyber incident response plan, and 20% have not adopted a cyber security standard.
Longo said: “For all organisations, cybersecurity and cyber resilience must be a top priority.
“ASIC expects this to include oversight of cybersecurity risk throughout the organisation’s supply chain – it was alarming that 44% of participants are not managing third-party or supply chain risks.”
He added: “There is a need to go beyond security alone and build up resilience, meaning the ability to respond to and recover from an incident. It’s not enough to have plans in place. They must be tested regularly alongside ongoing reassessment of cybersecurity risks.
“An effective cybersecurity strategy, and governance and risk framework, should help identify, manage and mitigate cyber risks to a level that is within the risk tolerance of senior leadership and boards.”