Australian Securities and Investments Commission chairperson Greg Medcraft has called for a focus on "cyber resilience through risk management" to prevent destabilisation of financial markets.
"Advances in technology have led to the rise of cyber crime around the world," the ASIC chief said in remarks prepared for an address today at the Sydney office of financial information firm Bloomberg LP.
"The links between market players and infrastructure means that the impact of a cyber attack can spread quickly and has the potential to dangerously affect the integrity and efficiency of global markets; the protection of investors; and ultimately, trust and confidence in the financial system."
Succesfully countering a cyber attack will rely on granular risk management systems, Medcraft said.
"Boards should also be alive to the risk of a cyber attack as part of their risk-oversight role. Cyber crime is a global problem that requires a global solution. For critical infrastructure, we must focus on developing a consistent language to communicate the relative level of an organisation’s cyber resilience.
"The US Framework for improving critical infrastructure cybersecurity is a good starting point. It provides a scalable analytical framework to help organisations manage cyber risk. Importantly, it also provides a methodology for communicating the maturity of an organisation’s cyber resilience, ranging from partial – that is, ad hoc risk management – to adaptive – that is, an organisation that actively adapts to a changing cyber landscape and responds to evolving threats in a timely matter."
The International Organization of Securities Commissions (IOSCO), whose board which Medcraft was re-elected chair of in October, "is working on a range of projects to guide coordinated regulatory responses" to the issue.
Medcraft said IOSCO is working with the Committee for Payment and Market Infrastructure on guidance for protecting the infrastructure of financial markets and the organisation's policy committees are considering producing guidance on managing "cyber risks", disclosing how those risks are managed and improving the response to attacks.
Medcraft also focussed on the impact of digital disruption on the financial sector.
"Both regulators and industry must work together to harvest the opportunities, while mitigating the risks" of digital disruption, the ASIC chief said.
"At ASIC, we are keen to facilitate innovation where it does not compromise investor and consumer trust, confidence or stability.
"Digital disruption does not change the outcomes we achieve, but it will change how we achieve them. We are increasingly relying on technology to detect and respond to misconduct. For example, our Market Analysis Intelligence (MAI) system allows us to gather and match data to detect suspected misconduct in real time."