Corporate watchdog warns of ‘significant’ cyber risk from outsourcing

Corporate watchdog warns of ‘significant’ cyber risk from outsourcing

Managing cyber partners and vendors poses challenge to Australia’s financial markets

Credit: Dreamstime

Australia’s corporate regulator has warned of the use and management of third-party cyber security providers in the financial markets.

According to the Australian Securities and Investments Commission (ASIC), the practice of outsourcing cyber security to third-party vendors and partners has inadvertently led to a heightened threat risk to both large and small enterprises.

The regulator claimed supply chain risk management has become a significant challenge, especially for small-to-medium enterprises with half remaining either partially or fully risk-informed.

In the report, Cyber resilience of firms in Australia’s financial markets, ASIC said SMEs were driving improvements to cyber resilience but that outsourcing had “created difficulties” in the cyber management risks.

Although improvements in supply management are expected to be a focus over the next 18-to-24 months this is expected to be gradual.

Meanwhile, larger organisations have identified supply-chain management as an area of improvement due to their complexity and breadth of services they offer.

“Overall, robust procedures are in place,” ASIC’s report said. “Third parties are prioritised by the risk they pose to the business, and this is reflected in the frequency they are assessed.”

However, upon external examination by credit rating agencies, ASIC indicated there was still no formal approach to third-party risk assessment.

The report is a follow up to ASIC’s 2017 cyber resilience study, in which 101 firms across the financial markets sector completed a self-assessment survey on their cyber resilience.

Since then, according to ASIC, there has been an overall improvement, with an average increase of 15 per cent across all cyber resilience functions, which includes areas of training and protective processes. 

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags AustraliaASIC


ARN Innovation Awards 2022

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

EDGE 2022

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.

Show Comments