APRA has unveiled a new cyber security strategy and flagged it will step up its review of current cyber compliance, holding boards accountable for shortfalls.
The prudential regulator’s cyber security strategy for 2020 to 2024 seeks to lift cyber security standards and introduce heightened accountability where companies fail to meet their legally binding requirements.
In a speech to the Financial Services Assurance Forum yesterday, Geoff Summerhayes, executive board member of APRA, said the new strategy seeks to safeguard an increasingly connected network of financial entities, increase board oversight and improve basic cyber hygiene practices.
Summerhayes said APRA wants to “eradicate unnecessary or careless cyber exposures” by establishing a baseline of cyber controls. It is starting by sharpening its enforcement of CPS 234 compliance.
CPS 234 was introduced last year to shore up the sector’s cyber resilience and requires banks, insurers and superannuation funds to maintain security capabilities, conduct regular tests and notify the regulator if incidents occur.
Boards will be required to engage an external audit firm to review CPS…