Earlier this year, ASIC released a report titled “Cyber resilience: Health Check” which sets out a checklist of risks that are worth considering to ensure regulated businesses are more resilient to hacking attempts.
The checklist is more modern and useful than the report’s title might lead the more tech-savvy reader to conclude, and suggests that regulated businesses review important matters relating to IT security risks including:
- Whether they have implemented the NIST Cybersecurity Framework;
- What information, data or operational assets are essential to the continuity of the business;
- The main IT security risks that the business faces;
- The main IT security risks that third party suppliers to the business face;
- Testing of IT systems for vulnerabilities; and
- Response, recovery and emergency planning.
Regulated businesses face compliance obligations that can be complicated by IT security risks. An IT security breach may well imperil a licence such as an Australian Financial Services Licence, as well as causing disruption, loss and damage to the business.
For more information please contact Daren Anderson.