ASIC issues major cyber guide

ASIC issues major cyber guide | Insurance Business

ASIC issues major cyber guide
ASIC has released a cyber risk and resilience guide to try to give business owners an idea of the cyber risks they may face in the future.

With a host of high-profile data breaches affecting companies both at home and abroad, ASIC has complied the major new report to try to ensure that Australian companies, insurers and brokers included, remain safe from cyber threats.

ASIC Chairman Greg Medcraft called cyber attacks “a major risk for ASIC's regulated population and that means cyber resilience is an area of ASIC focus".

“The electronic linkages within the financial system mean the impact of a cyber attack can spread quickly – potentially affecting the integrity and efficiency of global markets, and trust and confidence in the financial system.

“This report outlines some ‘health check prompts’ to help businesses review their cyber resilience – including flagging relevant legal and compliance requirements, particularly on risk management and disclosure.”

The report details the growing importance of cyber insurance for all Australian businesses as the threat of attack continues to rise.

“There has been increasing appetite for, and developments in, targeted cyber insurance liability cover. Existing insurance (e.g. business continuity or professional indemnity cover) may not adequately cover the impact of a cyber attack,” the report states.

“Considering cyber insurance may be an appropriate business decision based on a company’s risk profile.”

ASIC focus on the need for mitigation from cyber attacks as preparing for a cyber threat may not fully protect a company but it can have a positive impact on limiting the effects of an attack and can improve response times to breaches.

“Resilience is more than just preventing or responding to an attack – it also takes into account the ability to operate during, and to adapt and recover, from such an event,” the report says.

“Customarily, organisations have focused on protection against cyber attacks. However, a resilience-based approach to cyber attacks is vital for organisations to better adapt to change, reduce exposure to risk, and learn from incidents when they occur.

“It is in the interest of all businesses to improve their resilience to cyber risks.

“Due to business, technological and financial interconnectedness, improving the resilience of one organisation can be a small step in improving the cyber resilience of all.”

The full report can be found here.