The Australian financial services regulator wants to shore up the security of Australia’s finance industry by making banks adhere to a cyber security prudential standard.
Until now, information security risk management has been covered under a practice guide – which provides guidance on how supervised institutions can satisfy the prudential standards – as well as under two broader risk management standards.
But the Australian Prudential Regulation Authority (APRA) now wants to create a dedicated prudential standard for cyber security to ensure financial services firms are keeping their systems secure against the latest attack trends.
Prudential standards are legally binding and set out minimum capital, governance and risk management requirements.
APRA revealed in late January, in its policy priorities paper for 2018, that it intended to make cyber security a prudential requirement, but declined to provide any information at that time.
It undertook consultation with industry over the proposal throughout the beginning of this year, and today released its proposed cyber security standard for further consultation.
“The package is aimed at shoring up the ability of…