What does this mean for you?
ASIC is now taking enforcement action for a lack of preparedness on cybersecurity compliance. Therefore, it would be prudent for AFSL holders to:
- Develop a cybersecurity framework to reduce cybersecurity risk in accordance with the business’ risk appetite;
- Undertake a cybersecurity risk assessment to test the effectiveness of that framework
- Remediate any gaps or deficiencies found in the risk assessment to bring the residual risk down to an acceptable level.