Addressing increasing cyber threats in Australian financial services
In the face of rising cybercrime rates and increasingly sophisticated criminal attacks, some of the world’s largest brands, including those in Australia, have fallen victim to major data breaches in recent years. Recognizing the need to strengthen cyber resilience in the financial services sector, the Australian Prudential Regulation Authority (APRA) has undertaken an extensive study to address compliance gaps and raise the bar for cyber security in the industry.
As part of APRA’s 2020-2024 Cyber Security Strategy, over 300 banks, insurers, and superannuation trustees will participate in an independent tripartite cyber assessment. This landmark study, the largest of its kind conducted by APRA, requires regulated entities to appoint an independent auditor to evaluate their compliance with prudential standard CPS 234 Information Security (CPS 234).
CPS 234 aims to ensure that regulated entities have robust prevention, detection, and response capabilities to withstand cyber security threats. The decision to conduct the tripartite assessment follows a successful small pilot program completed in mid-2021. Initial findings from the pilot and the first tranche of assessments have revealed concerning gaps across the industry.
When compliance gaps and reported breaches are identified, APRA enhances its supervisory oversight to ensure that entities rectify cyber resilience deficiencies and meet their CPS 234 obligations. This rigorous approach is crucial given the risk cyberattacks pose to both financial institutions and the Australian community at large.
The cyber assessments conducted by APRA form an integral part of its ongoing efforts to strengthen the cyber security posture of the financial services sector. By identifying vulnerabilities and non-compliance, APRA aims to drive improvements and foster a culture of robust cyber resilience across the industry.
The results of the tripartite cyber assessment, coupled with APRA’s supervisory oversight and remediation efforts, will play a pivotal role in enhancing the cyber security preparedness of financial institutions in Australia. As cyber threats continue to evolve, APRA remains committed to staying ahead of the curve and ensuring the safety and security of the financial services industry and the customers it serves.