Financial System Inquiry (FSI) chair David Murray has called for government and other financial system stakeholders to tighten processes to counter the growing threat of cyber-crime.
Recommendation 38 in the final report of the FSI said the government's 2009 Cyber Security Strategy should be updated to reflect changes in the threat environment. It also called for improved cohesion in policy implementation and greater collaboration across the industry and between the public and private sectors.
The report also recommended that the government establish a formal framework for cyber security information sharing and response to cyber threats.
"As observed in the Interim Report, cyber-attacks are increasing in frequency and sophistication," the report said.
"The financial industry is a major target of cyber-crime and is under increasing threat as the number of high-value targets in the sector grows.
"A financial sector cyber crisis could result in system-wide impacts and significant consumer detriment."
The report also expressed concern that some institutions' responses to cyber threats were insufficient in the face of growth in interconnectivity, increasing network speeds and the broad distribution of technology. It added that some industry participants believe the cyber security of the financial system as a whole is only as strong as its weakest link.
Australia has a Cyber Security Strategy (CSS) in place, released in 2009, that outlines a whole-of-government cyber security policy, but Inquiry submissions indicate that it is out-of-date and not suited to today's threat environment.
"Given the rapidly changing nature of cyber space and the threat environment, government should act to ensure Australia has an updated and cohesive CSS," said the report.
"Updating the CSS, developing formal mechanisms for public-private sector information sharing and clarifying public and private sector roles in a cyber-crisis would help to improve the resilience of the financial system," the FSI concluded.
"It would better prepare the financial sector, government and other industry sectors to respond in a timely and coordinated manner to evolving cyber threats."