Industry Cyber-Exposure Report: ASX 200

Measuring exposure and resiliency in Australasia

Read the ASX 200 report

Fresh off the heels of our Industry Cyber-Exposure Report: Fortune 500, Rapid7 researchers examined the level of exposure in Australasia's ASX 200. This report highlights the level of exposure represented by this group of organisations by measuring key exposure metrics. It is important to consider the fact that this level of weakness in the region’s most well-resourced and talent-flush organisations makes it likely that it is even greater in smaller businesses with fewer resources at their disposal.

To learn more, read the Industry Cyber-Exposure Report: ASX 200.

Join the Webcast

Register for our webcast at AEDT 11 a.m. on Thursday, March 28 to hear our researchers explain what this exposure means.

Register Now

Executive Summary

The methodology outlined in this report describes several ways, based on openly available internet connections, to measure the exposure of specific organisations and industry sectors to certain cybersecurity risks. The report covers the following topics:

  • The average attack surface presented on the internet by the top companies in Australasia
  • The prevalence of severely vulnerable services, such as Telnet and Windows file-sharing
  • Corporate adoption of anti-phishing defences such as Domain Message Authentication Reporting & Conformance (DMARC)
  • Companies exposing how many and which cloud service providers they use in their public domain system (DNS) metadata
  • Which industry sectors have been compromised by malware, and how

To learn more about the key findings and analysis, read the Industry Cyber-Exposure Report: ASX 200 in its entirety, and register for our webcast to hear directly from the researchers.

While ASX 200 organisations expose roughly 29 services on average, four organisations across the Financials, Telecommunication Services, and Information Technology sectors exposed more than 100.
Industry Cyber-Exposure Report: ASX 200
Of the appraised ASX 200 organisations, 134 (67%) have weak or nonexistent anti-phishing defences (i.e., DMARC) in the public email configuration of their primary email domains.
Industry Cyber-Exposure Report: ASX 200
Every industry sector in the ASX 200 shows how many and which cloud service providers they use in their public DNS metadata, with 144 organisations using between two and five cloud service providers and some using 10 or more.
Industry Cyber-Exposure Report: ASX 200
;