Cyber resilience

Cyber security and resilience are essential to all organisations operating in the digital economy. As digital services become more interconnected, the increasing sophistication and frequency of cyber-attacks have the potential to cause widespread disruption and damage. A material cyber incident may cause significant harm to consumers, destabilise markets and affect trust and confidence in Australia’s financial system.

In Australia, a broad regulatory framework places obligations on businesses, and the people who run them, to properly manage cyber risk. These obligations are administered by various Government departments and agencies. ASIC’s focus within this framework is on Australian financial markets, those that operate in or on those markets, and providers of financial services (other than those principally regulated by another agency such as the Australian Prudential Regulation Authority).

Our vision is for Australia’s financial markets and systems to be resilient to cyber incidents. We work collaboratively with organisations, regulators and Government to:

  • promote active, continuous, and proportionate management of cyber risks
  • proactively monitor and supervise regulated organisations
  • share good practices and standards, and
  • take deterrence-based enforcement action, where appropriate.

ASIC guidance

Cyber resilience is the ability to adapt to disruptions caused by cyber security incidents while maintaining continuous business operations. This includes the ability to detect, manage and recover from incidents.

We have published information and guidance to help organisations improve their cyber security and resilience:

Resources

Many resources are available on the topic of cyber resilience, including regulatory documents, reports, speeches, articles and links to external resources.

We also encourage you to visit the Australian Cyber Security Centre (ACSC) and register to receive their alerts. The ACSC has a range of resources for small and medium businesses and large organisations, including useful tips, guides and assessment tools.

Help for consumers

Everyone has a role to play in ensuring online security, including consumers. Visit our Moneysmart website for information about how to protect yourself from online scams and manage your personal finances with confidence. The ACSC also provides practical tips for individuals and families to stay safe online.

Assessing cyber resilience

We have historically asked firms operating in Australia’s financial markets to complete self-assessment surveys on their cyber resilience. The following reports identify key trends from the surveys and highlight existing good practices and areas for improvement:

Do you need to report a cyber incident?

Visit the Australian Cyber Security Centre website or call the Australian Cyber Security Hotline: 1300 CYBER1 (1300 292 371).

You should also consider whether a cyber event or incident gives rise to other reporting obligations, including requirements to report to ASIC (such as reportable situations for AFS and credit licensees) or make a public disclosure. You can self-report to ASIC online or call us on 1300 300 630.

Last updated: 26/10/2022 10:35