Financial services firms should be able to state their level of cyber security in line with international benchmarks, according to Greg Medcraft, chairman of the Australian Securities and Investments Commission (ASIC).
Medcraft, speaking at a forum at the Bloomberg offices in Sydney, said it was no longer acceptable for organisations to communicate their level of online security with words such as “quite good”.
He envisaged a situation where recognised benchmarks of cyber security would inform the business interaction between financial services firms.
Medcraft is also chairman of the International Organisation of Securities Commissions (IOSCO), which is working on creating such a benchmark. He described it as a scalable analytical framework to gauge the level of cyber-crime resilience of any organisation.
“Unless you have a common way of looking at cyber-crime resilience you cannot communicate effectively,” said Medcraft. “Knowing what level you have will help organisations tell who they are dealing with their levels of security.”
He also revealed that IOSCO is working together to help share intelligence on cyber attacks.
Medcraft said financial services companies should prepare for growing levels of cyber-crime, citing how stock exchanges were being constantly attacked and how this could ultimately impact on the efficiency of capital markets.
The flip side to this was that ASIC is also using technology to its advantage. Medcraft spoke confidently of how pattern-matching by computers could now more easily identify insider trading.
He issued a warning to such white-collar criminals: “We have the power and the resources, we are probably going to catch you and you are probably going to jail.”