The Australian Securities and Investments Commission (ASIC) has put out a report aimed at helping Australian businesses improve cyber resilience.
The report includes a number of health check prompts for organisations to improve cyber security.
For example, firms are encouraged to review the level of board and senior management oversight of IT-related risks, including how frequently risks are updated.
“The United States NIST Cybersecurity Framework allows you to determine your current cyber security capabilities, set goals for a target level of cyber resilience and establish a plan to improve cyber security,” states the report.
ASIC also encouraged organisations to maintain an up-to-date inventory of all systems, software and information assets.
“Poor cyber resilience of your third-party providers, such as business partners, contractors and suppliers may expose you to cyber risks,” states the report.
“You may consider reviewing the cyber risk management of third parties critical to your business continuity - including the risks of outsourcing arrangements or cloud-based services.”
If an attack does occur, ASIC encourages firms to notify employees, customers or clients if there has been a breach of their personal data.
It recommended that organisations refer to the OAIC’s <i>Data breach notification guide: A guide to handling personal information security breaches</i> to help implement a data breach policy and response plan.
ASIC chairman Greg Medcraft said the report was issued because cyber attacks are a major risk for the financial services community.
“The electronic linkages within the financial system mean the impact of a cyber attack can spread quickly—potentially affecting the integrity of global markets, and trust in the financial system,” he said in a statement.
“We will consider incorporating cyber resilience in our surveillance programs, across our regulated population.”
Follow Hamish Barwick on Twitter: @HamishBarwick