Starting next year, APRA will be asking boards to engage an external auditor to comprehensively review their compliance with CPS 234 on information security.
APRA has announced a new Cyber Security Strategy for 2020 to 2024, aimed at lifting cybersecurity standards and introducing heightened accountability where companies fail to meet the requirements.
The new Cyber Security Strategy is designed to complement Australia’s Cyber Security Strategy 2020, released in August, and builds on existing prudential requirements including those under CPS 234 on information security, which came into force in July 2019.
“Our mission is to make a step change in Australia’s financial system cyber resilience. Our vision is for a financial system that can stand firm against cyber-attacks,” said APRA Executive Board Member Geoff Summerhayes at an industry forum on Thursday (26 November).
Last November, Summerhayes indicated that APRA had plans to take a tougher approach to ensure financial firms remained resilient to cyber threats, including through additional guidance on service provider management, among other measures.
To date, no APRA-regulated bank, insurer or…