While awareness and management of cyber security risks were improving, there was still room for improvement.
But in 2019, Australian financial firms are now more cyber resilient than ever.
Firms assigned themselves ratings from “partial” (“policies and procedures are not formalised, responses are reactive”) to “adaptive” (“policies and procedures evolve in response to changes in cyber security threats”).
Large firms showed steady improvement from the last time the survey was conducted, with substantial progress in the areas of staff awareness and training.
“The two areas that showed the most improvement (16 per cent improvement on cycle 1) include awareness and training programs (77 per cent ‘repeatable’ or ‘adaptive’) and user access management (91 per cent ‘repeatable’ or ‘adaptive’),” the report read.
“However, given the importance of employees as a line of defence against cyber security events, there is still room for improvement in user awareness and training.”
However, there were some pitfalls.
“Due to the complexity of large firms and the breadth of services they offer, asset management (20 per cent ‘partial’…