AI threats prompt ASIC cyber resilience warning

The Australian Securities and Investments Commission (ASIC), the country’s corporate and financial services regulator, has issued an urgent call to all licensees and market participants to strengthen their cyber resilience as frontier artificial intelligence accelerates the global threat landscape.

In an open letter to industry, ASIC warned that although cyber risk is not new, the misuse of cutting-edge AI models could expose security vulnerabilities with a speed, scale, and sophistication previously unseen. The regulator stressed that firms should not delay in addressing foundational cyber security before advanced AI tools become even more widespread.

The letter, signed by ASIC Commissioner Simone Constant, sets out a broad range of actions entities should take immediately. These include reassessing cyber plans to focus on the most pressing risks, identifying and protecting critical assets, minimising the attack surface by limiting system exposure to untrusted networks, and reviewing user access privileges. Firms are also urged to patch systems promptly given that AI is accelerating the pace at which vulnerabilities are discovered and exploited, to adopt layered defence-in-depth architectures, maintain and regularly test incident response plans, and actively manage third-party risks — particularly where third parties introduce systemic or concentration exposure. ASIC also recommends deploying AI for defensive purposes, including to identify weaknesses and secure software prior to release. Regulated entities are required to table the letter at their ultimate board and risk governance committees.

ASIC’s letter referenced its recent successful enforcement action against FIIG Securities Limited, which was ordered to pay $2.5m following failures in cyber security. The regulator used that outcome to reinforce that cyber risk management controls must be demonstrably effective and proportionate to the size and complexity of the business involved. ASIC added that it will continue working with other regulators, agencies, and industry to monitor cyber risks and encourage consistent expectations across the financial system. The regulator also pointed firms towards the Australian Government’s free and anonymous Cyber Health Check tool, which generates a tailored action plan with practical steps for improving cyber security, as well as guidance from the Australian Signals Directorate.

ASIC is Australia’s integrated corporate, markets, and financial services regulator. It oversees a wide range of licensees and market participants, with a mandate that includes ensuring firms maintain adequate governance and risk management frameworks across their operations.

ASIC Commissioner Simone Constant said, “Cyber risk has entered a new era. The advent of frontier AI models creates opportunity, but also materially increases risk, with the ability to expose vulnerabilities far faster than many realise.”

“In this new world, weaknesses that once seemed isolated can now have a system-wide domino-effect, enabling new forms of exploitation that were previously out of reach for most malicious actors.”

Ms Constant continued, “Entities need to have robust incident response plans. Whether an entity faces a basic phishing attempt or a more sophisticated cyber attack, the underlying cyber risk management principles of govern, protect, detect, respond remain the same.”

“Appropriate cyber risk management starts at the leadership of licensees and participants. Boards and executives must ensure systems are tested, weaknesses are addressed early and that action is taken before threats can be exploited.”

“The clock is at a minute to midnight – if you aren’t on top of your cyber resilience already, the time to act and prepare is right now.”

Copyright © 2026 FinTech Global
