APRA consults on guide to cyber defences
The Australian Prudential Regulation Authority (APRA) is accelerating implementation of a new information security standard amid a growing threat to the financial sector.
It is consulting on proposed guidance for companies to protect against cyber crime, developed to help industry embed the new standard. It advises companies on addressing several common weaknesses in information security that APRA has uncovered.
The guide is for boards, senior management and IT risk experts.
And, crucially, it outlines how companies can protect themselves when information security is managed by a third party.
Aon has warned that a growing reliance on third-party or fourth-party vendors and service providers has made it easier to attack supply chains. In Britain 58% of companies have experienced data breaches via third parties, yet only 35% rate their third-party risk management program “highly effective”, the global broker says.
“Australia’s banks, insurers and superannuation funds are major targets of cyber crime, and the risk is accelerating as attackers gain in skill and technological sophistication,” APRA Executive Board Member Geoff Summerhayes said. “Unfortunately, it is only a matter of time until a significant cyber breach occurs at an Australian financial institution.”
APRA will implement the standard on July 1.