The ASX and the Australian Securities and Investments Commission (ASIC) have invited the 100 largest companies listed on the Australian Securities Exchange to participate in an assessment of their cyber security posture.
The ASX 100 Cyber Health Check is a voluntary process that will “benchmark the levels of cyber security awareness, capability and preparedness within Australian business,” a statement issued by ASX said.
Participants will receive a confidential assessment of their capabilities, with the data gathered during the process informing a public report to be released in March 2017. Responses will be confidential, with the report to draw on aggregated data.
The program is based on the UK’s Cyber Governance Health Check for the FTSE 350.
“The ASX 100 Cyber Health Check has brought together government, regulators and industry on an issue of critical importance to Australian business and the millions of investors who hold shares in Australian companies,” ASX group executive Amanda Harkness said in a statement.
“The sharing of best practice, and increased awareness and engagement by directors of listed companies are important steps in building the cyber resilience of Australian business.”
“The better informed boards become, the more effectively they can assess their cyber security risks and opportunities, including identifying areas where improvement is required,” Harkness said. “Participation will reassure shareholders and the broader community that boards are actively engaged in addressing cyber issues.”
The health check involves a survey to be completed by a company’s chairperson, audit committee chair or risk committee chair. A partner from a company’s audit firm will interview the respondent and aid in the completion of the survey.
The survey covers seven broad areas including security of customer data, response to security incidents, security awareness, risk management, leadership and an understanding of the cyber security threats that enterprises face.
In creating the health check, ASX and ASIC were aided by the Department of the Prime Minister and Cabinet, CERT Australia and audit firms KPMG, Deloitte, EY and PwC.
The national cyber security strategy, released earlier this year, said the government would “introduce national voluntary Cyber Security Governance ‘health checks’ to enable boards and senior management to better understand their cyber security status.”
“ASX 100 listed businesses will have the opportunity to improve their cyber security governance by participating in voluntary governance ‘health checks’,” the strategy stated.
“The governance health checks will enable boards and senior management to better understand their cyber security status and how they compare to similar organisations.”