ASIC calls out 'alarming' cyber security deficiencies in AFSLs

ASIC AFSL cybersecurity cybercrime Joe Longo

14 November 2023
| By Jasmine Siljic |
expand image

ASIC has urged organisations to implement greater cyber security management, with an alarming number of firms not managing third-party or supply chain risks.

The corporate regulator released its Cyber Pulse Survey, exposing numerous deficiencies in organisations’ risk management of cyber threats. 

Across the 697 participants surveyed, 42 per cent hold an Australian financial services licence (AFSL).


ASIC revealed that 44 per cent of participants do manage third-party or supply chain risk. 

Joseph Longo, ASIC chairman, described the statistic as “alarming”. 


“Third-party relationships provide threat actors with easy access to an organisation’s systems and networks.

“For all organisations, cyber security and cyber resilience must be a top priority. ASIC expects this to include oversight of cyber security risk throughout the organisation’s supply chain.”

Some 58 per cent have limited or no capability to adequately protect confidential information.

With 33 per cent not having a cyber incident response plan, ASIC said organisations are more reactive than proactive in their approach to managing cyber security. 

Large organisations consistently self-report more mature cyber capabilities. Meanwhile, smaller businesses fall behind in their third-party risk management, data security, consequence management and adoption of industry standards due to their size.

An overwhelming majority (95 per cent) of respondents opted to receive an individual report which provides insights into their cyber resilience in comparison to peers. 

“This demonstrates a commitment to improving their organisation’s cyber resilience,” ASIC commented. 

Longo emphasised the need to go beyond security alone and build up cyber resilience – the ability to respond and recover from an incident.

“It’s not enough to have plans in place. They must be tested regularly – alongside ongoing reassessment of cyber security risks.

“An effective cyber security strategy, and governance and risk framework, should help identify, manage and mitigate cyber risks to a level that is within the risk tolerance of senior leadership and boards,” he continued.

With the financial services industry being 300 times more likely to experience a cyber attack, financial advice firms have been previously urged to consider the volume of client information they hold and how it can be safeguarded.

Fraser Jack, founder of The Cyber Collective, explained earlier this year that hackers look to infiltrate the trusted relationship between a client and their adviser. 

“It’s important for advisers to get on the front foot and educate their clients about the cyber security in place to protect their data,” he said.

Read more about:


Add new comment

The content of this field is kept private and will not be shown publicly.

Recommended for you

sub-bgsidebar subscription

Never miss the latest news and developments in wealth management industry




Well done Keith and Neil, these Canberra Bureaucrats need to be stopped. ...

11 hours ago

WHEN I RETIRED A LOT OF GUY'S WERE STILL PRACTICING FORMS OF COLD CALLING. There nothing wrong with it as a way of estab...

1 day 10 hours ago

I thought you joined a dealer to be protected and have a better version of regulation explained, BUT The dealers themsel...

1 day 11 hours ago

ASIC has cancelled the AFS licence of a Sydney wealth firm, the fifth Sydney firm to see a cancellation since the start of the year....

1 week 1 day ago

A former financial adviser has been banned by ASIC from providing financial services for inappropriate advice, among multiple breaches....

3 weeks 2 days ago

ASIC has suspended the AFS licence of a Melbourne fund manager responsible for six managed investment schemes....

2 weeks 2 days ago