In a speech to a Bloomberg event published on the ASIC website, ASIC chairman Greg Medcraft said technological advances have led to the rise of online attacks worldwide.
“An example of the sobering effect of cybercrime occurred earlier this year when 76 million household and seven million small business accounts were reported to be compromised in a cyberattack on JP Morgan Chase in the United States,” he said.
He said ASIC was working with the International Organisation of Securities Commissions and the Committee for Payment and Market Infrastructure on a range of projects to safeguard financial markets.
On an organisational level, he identified risk management as the best means of combatting online threats.
“Risk management systems must be granular enough to ensure a good level of resilience in an organisation,” he said.
“Boards should also be alive to the risk of a cyberattack as part of their risk-oversight role.”
According to Mr Medcraft, ASIC is currently developing an analytical framework to judge organisations’ cyber resilience, providing a rating from “partial” to “adapative”.
An adaptive organisation would be one that “actively adapts to a changing cyber landscape and responds to evolving threats in a timely matter,” he said.
He argued co-operation between the financial services industry and regulators would be crucial to minimising cyber risks.
“To be successful, we must both be agile and always have an eye on the future – otherwise we will be left behind,” he said.
