Get all your news in one place.
100’s of premium titles.
One app.
Start reading
AAP
AAP
Politics
Kat Wong

'Alarming': big gaps in organisations' cyber security

The cyber attack on DP World has highlighted deficiencies in Australia's corporate data protection. (Dean Lewins/AAP PHOTOS)

The confidential information of Australians could be at risk after a survey from the corporate regulator revealed many organisations had limited or no capability to adequately protect data.

A report from the Australian Securities and Investments Commission comes as the Albanese government weighs up new laws to deal with cyber security breaches.

Almost one in two survey respondents were not managing third-party or supply chain risk, even though these relationships could provide bad actors with easy access to an organisation's systems and networks.

A third of organisations did not have a response plan for cyber incidents, and one in five had not adopted a cyber security standard.

ASIC chair Joe Longo called the survey findings "alarming".

Australian Securities and Investments Commission Chair Joe Longo
ASIC chair Joe Longo says companies need to put their cyber security plans to the test regularly.

"There is a need to go beyond security alone and build up resilience - meaning the ability to respond to and recover from an incident," he said on Monday.

"It's not enough to have plans in place.

"They must be tested regularly - alongside ongoing reassessment of cyber security risks."

Many of the organisations that participated in the survey indicated a desire to improve, with 95 per cent opting to receive a report on how their cyber resilience compared to others.

The findings came as freighting company DP World reopened four port operations on Monday after suffering a massive cyber attack, and just over a year after telecommunications giant Optus faced a similar event in which the licences, Medicare, and passport numbers of 10,000 customers were stolen and leaked online.

Minister for Home Affairs Clare O'Neil.
Clare O'Neil is expected to introduce new laws to classify telcos as "critical infrastructure".

Home Affairs Minister Clare O'Neil is expected to introduce new laws to classify telecommunications providers as "critical infrastructure", forcing them to update their cyber security approach and meet minimum standards that apply to other important Australian organisations like energy companies.

"We've dealt with a lot of cyber incidents in the last 18 months," she said during Question Time on Monday.

"We've got a bit to clean up but there's a lot of work under way and I'm proud of the work that has been done so far."

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.