APRA’s new enforcement approach to cyber security may mean financial services firms have to conduct fire drills – where fake viruses or phishing attacks are deliberately spread in their systems – to work out how strong those systems are.
APRA released its new enforcement approach last week, setting out how it will use its enforcement powers to prevent and address serious prudential risks and hold entities and individuals to account.
Amid this climate of tighter regulation, APRA is updating its information security guidelines for the first time since 2013 and financial services entities are under pressure to prevent cyber-crime.
The CPS 234 Information Security standard means that relevant entities need to have adequate measures in place to protect customer information and be resilient against potential cyber-crime.
NCC Group is one of the companies working with APRA and financial services entities, including super funds, to improve cyber security standards.
Head of risk management and governance consulting for NCC Group Joss Howard says that APRA’s new information security standard stipulates that APRA-regulated entities need to hold boards accountable for cyber and information…