Most companies can't adequately protect personal info: ASIC

The news: Most companies don't have the capacity to protect customers' personal data, ASIC says, as it calls for greater vigilance against cyber threats.

The numbers: ASIC's cyber pulse survey found 58% of participating companies had limited or no capacity to adequately protect confidential information, while 44% failed to manage third-party or supply chain risk. A third of companies had no response plan for cyber incidents and a fifth had not adopted a cybersecurity standard, the corporate regulator found.

The context: Cybersecurity incidents have been on the rise in recent years, with more than a fifth of Australian businesses reporting a cyber security incident in the 2022 financial year, according to ABS statistics. In 2020, the figure was only 8%.

What they said: ‘There is a need to go beyond security alone and build up resilience — meaning the ability to respond to and recover from an incident," ASIC chair Joe Longo said in a statement.