This article looks at the work the Australian Prudential Regulation Authority (APRA) is doing to supervise and scrutinize regulated entities’ cyber risk management.
The article also summarizes the APRA’s cyber security strategy and the specific measures the APRA looks to implement. These measures include: (1) formulating enhanced cyber guidelines for board members, internal auditors and risk management professionals; (2) collecting more data to better understand cyber threats and sharing this knowledge with the industry; (3) developing stronger third-party assessment and assurance practices; (4) requiring certain entities to obtain certain cyber security reviews; and (5) issuing breach notices to regulated entities that fail to comply with CPS 234 and requiring them to create a rectification plan.
Authors: Tim Gole, Partner, and Mark Ferguson, Lawyer, Gilbert + Tobin