The Australian Securities and Investments Commission (ASIC) on Friday issued an open letter urging licensees and market participants to strengthen cyber resilience, saying frontier artificial intelligence (AI) is increasing the speed, scale and sophistication of cyber attacks.
ASIC said cyber resilience is a core licensing obligation, not just an information technology issue, and that the letter must be tabled at entities’ ultimate board and risk governance committees.
The regulator listed 12 steps it expects entities to take, including patching systems promptly, reviewing user access and privileges, preparing incident response plans, managing third-party risks and protecting critical assets.
“Cyber risk has entered a new era. The advent of frontier AI models creates opportunity, but also materially increases risk, with the ability to expose vulnerabilities far faster than many realise,” said ASIC Commissioner Simone Constant.
ASIC referenced its recent court outcome against FIIG Securities Limited, which the regulator said reinforced that cyber risk management controls must be demonstrably effective and proportionate to the size, nature and complexity of a business.
The letter follows a similar warning from the Australian Prudential Regulation Authority (APRA) last month on AI adoption and cyber risk across its regulated entities.
