APRA finalises prudential standard

By Eliot Hastie
 — 1 minute read

APRA has released the final version of its prudential standard aimed at combating the threat of cyber attacks.

The new standards developed by the Australian Prudential Regulation Authority will shore up regulated entities’ resilience against information security incidents including cyber attacks.

The standards, referred to as CPS 234 also enables entities to respond swiftly and effectively in the event of a security breach.


The standards require entities to clearly define information-security roles, maintain an information security capability, implement and test controls to protect assets and notify APRA of any incidents.

APRA released a discussion paper in March about the standards and the finalised standards include several amendments made after consultation with the industry around requirements of third parties and notification timelines.

APRA executive board member Geoff Summerhayes said that Australian financial services companies were increasingly under attack from cyber adversaries.

“A significant information security breach at an APRA-regulated entity is almost certainly a question of when – not if. In a worst-case scenario, a major breach could even force a company out of business. As a result, APRA is fast-tracking implementation of this standard, and expects all regulated entities to meet its requirements by 1 July next year,” he said.

Mr Summerhayes said the introduction of the new standards would ensure all entities were able to keep hold of the data and stop any threats.

“By introducing CPS 234, APRA aims to ensure all regulated entities develop and maintain information security capabilities that reflect the importance of the data they hold, and the significance of the threats they face.”

The must-attend event for financial advisers is back in 2022: the ESG Summit, coming to Sydney and Melbourne in February. Walk away with vital knowledge on a number of key ESG areas to help you make informed ESG strategy decisions and to better communicate and integrate the growing ESG space to clients. Visit the website to secure your place.


APRA finalises prudential standard
investordaily image
ID logo


related articles

Website Notifications

Get notifications in real-time for staying up to date with content that matters to you.