Australian Securities & Investments Commission warns licensees and market participants to urgently strengthen cyber resilience as frontier AI raises cyber risk

The Australian Securities & Investments Commission has issued an open letter calling on all licensees and market participants to act now to strengthen cyber resilience as frontier AI increases the speed, scale and sophistication of cyber threats. The letter, issued by Commissioner Simone Constant, says firms should not wait for AI tools to improve basic cyber security and makes clear that cyber resilience is a core licensing obligation that must be led by boards and executives rather than treated solely as an IT issue. ASIC links the warning to its recent court outcome against FIIG Securities Limited, which it says reinforced that cyber risk management controls must be demonstrably effective and proportionate to the size, nature and complexity of a business. Firms are urged to reassess cyber plans and governance, understand interrelated vulnerabilities, identify and protect critical assets, review core controls, reduce exposure to untrusted networks, tighten user access, patch systems promptly, strengthen patch management, implement layered defences, maintain and test incident response and business continuity plans, manage third-party risks and consider using AI for defensive purposes. All ASIC-regulated entities are required to table the letter at their ultimate board and risk governance committees. ASIC also directed firms to practical guidance from trusted sources including the Australian Signals Directorate and the Australian Government's Cyber Health Check. It said it will continue working with other regulators, agencies and industry to monitor cyber risks and promote consistent expectations across the financial system.