APRA warns on inevitability of cyber incident

A significant cyber security incident is probably inevitable in Australia, according to Australian Prudential Regulation Authority (APRA) executive board member, Geoff Summerhayes.

Releasing a consultation package around a new information security management standard, Summerhayes reinforced the importance of the regulator’s approach.

He said the package released by APRA was aimed at shoring up the ability of regulated entities to repel cyber adversaries.

Related News:

Summerhayes said APRA was conscious that Australian financial institutions were among the top targets of cyber criminals seeking money or customer data and the threat was accelerating.

"No APRA-regulated entity has experienced a material loss due to a cyber incident, but a significant breach is probably inevitable,” he said. “In a worst-case scenario, a cyber attack could even force a company out of business."

Key areas where APRA hoped to lift standards include assurance over the cyber capabilities of third parties such as service providers, and enhancing entities’ ability to respond to and recover from cyber incidents.

"Cyber security is generally well-handled across the financial sector, but with criminals constantly refining and expanding their tools and capabilities, complacency is not an option," Summerhayes said.

"Implementing legally binding minimum standards on information security is aimed at increasing the safety of the data Australians entrust to their financial institutions and enhance overall system stability,” he said.




Related Content

ISA accused of publishing “false and misleading” information

A recent briefing note by Industry Super Australia (ISA), in which it claimed that self-managed superannuation funds (SMSFs) returned 1.2 per cent les...more

O’Dwyer points to RC review of ASIC and APRA

The Minister for Revenue and Financial Services, Kelly O’Dwyer has reinforced that the Royal Commission into Misconduct in the Banking, Superannuati...more

APRA warns on inevitability of cyber incident

A significant cyber security incident is probably inevitable in Australia, according to Australian Prudential Regulation Authority (APRA) executive bo...more

Author

Comments

Add new comment