More than half of respondents to an ASIC cybersecurity survey have been flagged for lacking adequate information protections.
Fifty-eight per cent of respondents were considered to “have limited or no capability to protect confidential information adequately”.
A total of 697 companies took part in the cyber pulse survey for 2023.
The survey found that most Australian companies are reactive, and not proactive when it comes to cybersecurity management.
Third-party risk
Further, 44 per cent in the survey didn’t manage third-party cybersecurity risks, where access from outside workers was concerned.
“It was alarming that 44 per cent of participants are not managing third-party or supply chain risks,” ASIC Chair Joe Longo said.
Smaller companies were generally behind larger companies with more time and money to implement stronger cyber controls.
“It’s not enough to have plans in place. [Systems] must be tested regularly – alongside ongoing reassessment of cyber security risks,” Mr Longo added.
DP World incident
Coincidentally, ASIC’s report has hit the public only 72 hours after Australian port operators were hit with a cyberattack.
On Friday, DP World Australia was targeted by an unclear type of cybersecurity intrusion.
In turn, four major ports across Australia had to shut down operations where DP World was involved.
The company handles some 40 per cent of all container traffic in and out of Australia.
But the risk to shareholders from cyber criminals is very real.
Numerous ASXers at risk
In recent history, healthcare coverage provider Medibank (ASX:MPL) was hit by an attack that led to the release of confidential customer information.
Shareholders punished the company with Medibank’s share price falling for months in response.
The price plummeted in October of 2022 and didn’t make back those gains until April of 2023.
While its recovery could be considered relatively fast-paced, the chart makes clear just how badly a cyberattack can impact valuation.
Listed law group IPH Limited (ASX:IPH) also called a trading halt in early 2023 following a cyber-attack on third parties.
That same month, the University of Wollongong Professor Alex Frino released his findings that only a fraction of ASX companies hit by cyberattacks ever reported the breaches.
“25 of the cyber attacks were only reported in the press, while only 11 were made public via ASX announcements,” Mr Frino wrote in a report cited by iTnews.