ICA calls for clarity on information security standard
The Insurance Council of Australia (ICA) has outlined ways to improve CPS 234, a new prudential standard aimed at strengthening cyber resilience.
Its proposals revolve around the board’s role, notification requirements to the Australian Prudential Regulation Authority (APRA), assessment of third-party information security capability and the implementation period.
“The decision to establish a prudential standard… will help strengthen our members’ resilience to cyber risks across the extended business environment,” the ICA submission to APRA says.
“However, ICA considers the clarity of the requirements in CPS 234 could be improved and greater recognition of the complexity of implementation [is needed].
“In particular, there should be greater consistency between APRA’s requirements and other regimes around data and privacy breaches, adequate time for implementation and a satisfactory intermeshing between CPS 234 and other prudential standards.”
APRA expects to release a final cross-industry prudential standard in the fourth quarter, before implementing it in July next year.