  • davidroberts137

Data security and third-party risk management gaps in Australian organisations

If the latest Cyber Pulse survey from ASIC is indicative of Australian organisations, there is still a way to go in cyber maturity and data protection.

The survey included 697 organisations of different sizes, types and sectors and assessed maturity across six areas: governance and risk management, identifying information assets, protecting information assets, detecting cyber security events, responding to cyber security incidents, and recovering from cyber security incidents.

The top two areas identified for improvement are:

1. Supply chain risk management - effective assessment, identification and management of cyber / information risk in third parties such as suppliers, vendors, service providers and partners.

2. Data security - identification and protection of information assets.

The survey found that 69% of respondents have minimal or no capabilities in supply chain and third-party risk management. This is not new - assessing third parties for risk has been going on for many years, even decades. So, it is surprising for this to be the #1 area for improvement given:

1. Vulnerabilities in third parties with weaker cyber capabilities are a known way to breach a larger organisation and are a leading factor in many data breaches.

2. There are mature capabilities in the market that can support a third-party risk management capability with automated workflows and assessments, using data from global organisations that specialise in assessing third-party cyber risk.

Perhaps even more concerning was that 58% of organisations have limited or no capability to protect confidential information adequately. Despite the highly publicised data breaches, the increased cyber threat from state actors and criminal organisations, and the availability of mature solutions in the market, there is still a way to go for most organisations to have good data stewardship practices in place.

The report doesn't go into the reasons why these areas haven't been a priority. Certainly, it's not because the risk has decreased or because there are no products/capabilities to support organisations wanting to improve their maturity.

If you are interested in learning more about solutions to improve maturity and reduce the risk of a data breach, please reach out:

See the full report here:

ASIC - the cyber pulse survey_rep776-published-13-november-2023