ASIC Sounds Alarm on Cyber Resilience

ASIC has issued an urgent call to action on cyber security, warning that the rise of frontier artificial intelligence is accelerating threats at a speed and scale the financial services sector is not yet prepared for.

In an open letter to industry, ASIC Commissioner Simone Constant said cyber risk has entered a new era. The misuse of advanced AI models, she warned, can expose security vulnerabilities far faster than many organisations realise — turning what once seemed like isolated weaknesses into system-wide failures capable of enabling entirely new forms of exploitation.

"The clock is at a minute to midnight," Commissioner Constant said. "If you aren't on top of your cyber resilience already, the time to act and prepare is right now."

The letter follows ASIC's recent Federal Court outcome against FIIG Securities Limited, which reinforced that cyber risk management controls must be demonstrably effective and proportionate to the size and complexity of a business. The message is that cyber resilience is a core licensing obligation, not an IT department problem.

ASIC is calling on boards and executives — not just technology teams — to take direct ownership of cyber risk governance. For insurance brokers, this means reviewing incident response plans, stress-testing business continuity arrangements, and ensuring that third-party service providers don't introduce systemic vulnerabilities into your operations.

The regulator's recommended steps include regularly auditing user access privileges, patching systems promptly, minimising exposure to untrusted networks, and implementing defence-in-depth architectures that assume a breach will occur rather than simply trying to prevent one.

ASIC also encourages licensees to use AI proactively for defensive purposes — including identifying software vulnerabilities before they can be exploited.

Entities are required to table the letter at their board and risk governance committees.

Brokers seeking practical guidance can access the Australian Signals Directorate's resources, as well as the Australian Government's free and anonymous Cyber Health Check tool, which provides a tailored action plan to lift cyber security fundamentals.