Forum Discussion

Fraser.Jack's avatar
Fraser.Jack
Icon for Advisely Partner rankAdvisely Partner
2 years ago

Who proactively asks their software stack providers about security?

The results are in from ASIC's Cyber Pulse Survey, and the report has been released (12th November 2023). So much to unpack!

One of the points they make is around supply chain risk.

Without looking at the survey, I'm interested to know your thoughts on the percentage of advice firms that have already asked their software stack providers about the levels of security they have in place and can provide the evidence to show they did their DD.

What percentage do you think have this on file?

 

 

  • Great point Fraser.Jack something I know we need to be more diligent about gathering, I would think less than 10% would have any evidence on file, hopefully I'm wrong.

  • deborah.kent's avatar
    deborah.kent
    Icon for Advisely Index Top 10 rankAdvisely Index Top 10

    Fraser, we have an external IT guy who has ensured that we have all the necessary programs in place for cyber security, he also provides us with due diligence on any providers doesn't mean he is always happy with the answers he gets, however having someone external is a good thing for us as we would not be looking at this all the time.

  • siran.taylor's avatar
    siran.taylor
    Icon for Iress Contributor rankIress Contributor

    Foe those who are not aware, the Iress Community now has a self serve section in the Trust Centre Knowledge Base.

    This is a great first port of call for locating any of the standard Due Diligence documentation regarding Xplan and Iress.

  • roccomusumeci's avatar
    roccomusumeci
    Exploring Newcomer

    I'm glad ASIC is keeping cybersecurity top of mind. Regarding supply chain risk, my guess is fewer than 20% of firms have proactively vetted their software vendors' security. Many see it as the vendor's responsibility. But we must take ownership too. If we don't ask the tough questions, we may be caught unaware. I think framing security reviews as collaborative partnerships, not interrogations, can open doors. Protecting client data is a shared priority.