ASIC wanting to work with industry to bolster online security

The Australian Securities and Investments Commission (ASIC) is working to encourage collaboration between industry and government in a bid to improve Australia's resilience against online attacks.

In a report released on Thursday, the Australian industry regulator said it wants to help local organisations improve their digital security resilience by increasing awareness of online risks, identifying opportunities for companies to improve their resilience, and encouraging collaboration.

ASIC's Report 429, Cyber resilience: Health check, highlights international developments in the ongoing fight against online risks that have seen an increased focus on industry information sharing and public-private sector collaborations.

"We expect our regulated population to engage with government initiatives to improve information sharing to address cyber risks, including notifying relevant authorities of a cyber attack," said the report. "We encourage collaboration with industry and the government to ensure responses to cyber attacks can be coordinated and information on risks shared."

ASIC chairman Greg Medcraft said that online attacks are a major risk for ASIC's "regulated population", and, as such, digital resilience is an increasingly important area of focus for the commission.

"The electronic linkages within the financial system mean the impact of a cyber attack can spread quickly -- potentially affecting the integrity and efficiency of global markets, and trust and confidence in the financial system," he said. "This report outlines some 'health check prompts' to help businesses review their cyber resilience -- including flagging relevant legal and compliance requirements, particularly on risk management and disclosure.

"We encourage businesses, particularly where their exposure to a cyber attack may have a significant impact on financial consumers and investors or market integrity, to consider using the United States' NIST Cybersecurity Framework to manage their cyber risks or stocktake their risk-management practices," he said.

The establishment of the NIST Cybersecurity Framework followed the signing of the Improving Critical Infrastructure Cybersecurity Executive Order by US President Barack Obama in February 2013.

The Executive Order was intended to enable the government to share more information with private industry partners and develop a new framework of practices to reduce online security risks.