'Alarming': big gaps in organisations' cyber security

Almost one in two survey respondents were not managing third-party or supply chain risk, even though these relationships could provide bad actors with easy access to an organisation's systems and networks.

A third of organisations did not have a response plan for cyber incidents, and one in five had not adopted a cyber security standard.

ASIC chair Joe Longo called the survey findings "alarming".

"There is a need to go beyond security alone and build up resilience - meaning the ability to respond to and recover from an incident," he said on Monday.

"It's not enough to have plans in place.

"They must be tested regularly - alongside ongoing reassessment of cyber security risks."

Many of the organisations that participated in the survey indicated a desire to improve, with 95 per cent opting to receive a report on how their cyber resilience compared to others.

The findings came as freighting company DP World reopened four port operations on Monday after suffering a massive cyber attack, and just over a year after telecommunications giant Optus faced a similar event in which the licences, Medicare, and passport numbers of 10,000 customers were stolen and leaked online.

Home Affairs Minister Clare O'Neil is expected to introduce new laws to classify telecommunications providers as "critical infrastructure", forcing them to update their cyber security approach and meet minimum standards that apply to other important Australian organisations like energy companies.

"We've dealt with a lot of cyber incidents in the last 18 months," she said during Question Time on Monday.

"We've got a bit to clean up but there's a lot of work under way and I'm proud of the work that has been done so far."