The alert "ASIC calls for urgent cyber uplift as AI accelerates cyber threats", issued in May 2026 [1], serves as a critical call to arms for financial services licensees and organisations across Australia, urging immediate action to strengthen cyber resilience in the face of AI-driven threats.
As artificial intelligence accelerates the speed and severity of cyber risk, ASIC (Australian Securities & Investments Commission) highlights the unprecedented scale of vulnerabilities at risk and reminds industry that robust cyber security must be treated as a core licensing obligation. Next-generation AI models can already expose organisational cyber weaknesses far more quickly, and in this rapidly evolving environment the imperative to optimise cyber security and incident management is greater than ever.
ASIC's recent court outcome against FIIG Securities Limited [2] reinforced the legal case for cyber risk management controls to be demonstrably effective and proportionate to the size, nature and complexity of a business.
Together, these developments highlight a closer alignment between regulatory scrutiny, governance oversight and the evolving cyber threat landscape. This includes exposures arising not only within internal environments, but across external providers and interconnected systems.
Why AI innovations introduce new cyber threats
The issue is not that developments in AI introduce new threats, but rather that they substantially reduce the cost and complexity of executing sophisticated attacks. This has implications for the speed, scale and coordination of malicious activity.
Klaus Lejon, national practice leader, Cyber and Technology at Gallagher, states: "The time has come to act! Government response to the rapidly changing AI and cyber threat landscape is sometimes delayed. It's encouraging that regulators such as ASIC, APRA, OAIC and CISC are reacting promptly and assisting companies to reduce exposure and implement tangible risk mitigation frameworks. The proactive interaction between government, private sector and industry specialists such as insurance is critical to ensure we react quickly to assist Australian businesses navigate the AI challenges".
AI-enabled tools can support the rapid generation of phishing campaigns, accelerate vulnerability identification and enable more convincing social engineering executed with a persuasiveness that once required considerable human effort. In combination, these capabilities can allow relatively minor weaknesses to be exploited in ways that lead to more significant, cascading incidents.
What your organisation should do now: Key actions to counter rising AI-fuelled cyber risks
As ASIC urges critical action, organisations can strengthen cyber resilience with these practical steps, from cyber governance to incident preparedness:
Cyber risk governance
- Reassess your cyber plans and refocus efforts on the most critical risks in today's threat environment.
- Confirm that your cyber risk, governance and overall risk and decision-making frameworks consider the cumulative impact of interrelated vulnerabilities and facilitate clear decision making and escalation at the pace necessary to manage risk.
Cyber security fundamentals
- Strengthen cyber security fundamentals by regularly reviewing and validating core controls.
- Minimise attack surfaces by reducing exposure of systems and services to untrusted networks.
- Patch systems promptly, recognising that AI is accelerating vulnerability discovery and exploitation.
- Review and strengthen patch management processes, considering the challenges that daily patching may present to the identification, testing and governance of critical updates.
- Implement layered, defence-in-depth architectures that assume breach and restrict lateral movement.
- Use AI for defensive purposes, where appropriate, including identifying vulnerabilities and securing software before release.
- Actively manage third-party risks, particularly where services introduce concentration or systemic exposure.
Critical asset and access management
- Identify and protect critical assets and systems, with a clear understanding of what matters most to your business and customers.
- Regularly review user access and reassess privileges to protect against unauthorised access.
Incident preparedness and response
- Prepare for incident response by maintaining and rehearsing incident response plans and playbooks, including business continuity plans and identification of the highest priority services, channels and platforms.
ASIC reminder about government cyber support resources
ASIC encourages the use of the Australian Government's Cyber Health Check [3] which provides a tailored action plan with simple, actionable steps to improve cyber security [4], in addition to ASD (Australian Signals Directorate) and ASIC cyber resilience resources [5].
How Gallagher can help
Investment in cyber security and advanced risk mitigation, compliance and insurance risk transfer are now essential to survive the current cyber threat landscape for companies in all sectors, including the financial services industry.
Our cyber specialists work with mid-market, corporate and multinational organisations across all industries, providing bespoke cyber insurance program design, risk advice and placement solutions. Additional cyber security services are available through Gallagher partnerships and providers.