ASIC has issued Report 429 Cyber resilience: Health check (REP 429), which is intended to increase awareness of cyber risks (including data breaches) among ASIC licensees and to identify how cyber risks should be addressed as part of current legal and compliance obligations that are relevant to ASIC’s jurisdiction.
Cyber resilience is the ability to prepare for, respond to and recover from a cyber attack.
ASIC considers board participation important to promoting a strong culture of cyber resilience.
The report is specifically addressed to Australian financial services (AFS) licensees, Australian credit licensees, Australian market licensees, clearing and settlement (CS) facility licensees and Australian derivative trade repository (ADTR) licensees, but it has wider application.
If you are a licensee, some of the legal and compliance requirements you must take into account when considering your cyber resilience are highlighted in Appendix 2.
‘Health check prompts’ are set out in Table 1.
In the banking sector the report discusses risks in banking transactions, settlement risk, point-of-sale risks and contactless payments.
Appendix 1 lists cyber risk sources, threats and vulnerabilities.