Financial Crime World

Financial Institutions Step Up Cyber Security Measures in Australia

The Australian financial system is facing an increasingly sophisticated and impactful threat from cyber-attacks, which are consistently ranked among the top risks to the country’s financial sector by the Council of Financial Regulators (CFR).

Growing Concerns

Despite no organisation being immune to attacks, recent incidents have highlighted the need for government and regulatory agencies to strengthen collaboration to mitigate the impact of cyber-attacks on the financial system.

Initiatives Launched by the CFR

To address these concerns, the CFR has launched several initiatives aimed at improving the cyber resilience of Australian financial institutions. These include:

  • Developing a domestic cyber-attack protocol with New Zealand financial regulators
  • Releasing the Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework to test and demonstrate the cyber maturity and resilience of institutions within the industry

CORIE Framework Update

The CORIE framework was reviewed in March 2022 following a pilot exercise involving several financial institutions and market infrastructure providers. The CFR has since endorsed an updated framework for a broader rollout of the testing program.

Strengthening Collaboration and Information Sharing

The CFR is working closely with:

  • The Department of Home Affairs on the development and implementation of new cyber-security obligations for critical infrastructure assets
  • Government agencies through joint meetings with the Cyber Security Regulator Network, including:
    • Australian Competition and Consumer Commission (ACCC)
    • Office of the Australian Information Commissioner (OAIC)
    • Australian Communications and Media Authority (ACMA)
    • Cyber and Infrastructure Security Centre (CISC)

Enhanced Collaboration with ACSC

The CFR’s Cyber Security Working Group is also engaging closely with the Australian Cyber Security Centre (ACSC) to address cyber threats prior to and during incidents. These efforts aim to improve the timeliness, effectiveness and efficiency of regulatory activity related to cyber security.

Conclusion

As the frequency and impact of cyber-attacks continue to rise, it is clear that financial institutions in Australia must step up their game when it comes to cyber security measures. The initiatives launched by the CFR demonstrate a commitment to protecting the country’s financial system from these growing threats.