ASIC seeks to assess corporate cyber resilience

The Australian Securities and Investments Commission (ASIC) has launched a survey to measure cyber resilience in Australia’s corporate and financial markets.

ASIC-regulated entities, including publicly listed companies, have been invited to participate in the ASIC cyber pulse survey, will measure entities’ current cyber security and controls, governance arrangements, and incident preparedness. 

The survey will be one of the largest conducted into Australia’s cyber resilience.  

The Australian Cyber Security Centre estimated cybercrime cost Australia $42 billion in 2021.

ASIC Executive Director, Markets, Greg Yanco said, ‘recent high-profile cyber attacks demonstrate the need for all businesses to have robust cyber capabilities. Cyber attacks are becoming more frequent and complex and are not limited to companies with large retail customer bases.’

‘Cyber attacks can disrupt an organisation’s business operations and result in financial, legal and reputational harm. The interconnectedness of our financial system can mean the impact of cyber attacks can spread well beyond a single entity. This self-assessment will provide valuable insights to entities on their own cyber resilience measures compared to their industry peers,’ said Mr Yanco.

ASIC expects directors of public companies to ensure their organisation’s risk management framework adequately addresses cybersecurity risk, and that controls are implemented to protect key assets and enhance cyber resilience.

Participation in the survey is voluntary, with all responses anonymised. The survey has been designed to help an entity assess its ability to: 

govern and manage organisational-wide cyber risks   

identify and protect information assets that support critical business services 

detect, respond to and recover from cyber security incidents.

The survey is accessible to ASIC regulated entities by logging into the ASIC Regulatory Portal, and following the link provided.

ASIC will publish a report with key findings from the survey later this year.

More information on the cyber pulse survey is at

All information collected will be de-identified and anonymised and cannot be used in any regulatory or enforcement action.