Arnotts Technology Lawyers

The Australian Prudential Regulation Authority (APRA) has launched a five-year cybersecurity strategy to protect financial institutions and related entities from cyber-attacks.

The APRA Cyber Security Strategy for 2020-24 is designed to create a safe regime throughout the financial industry, with a boost to individual accountability. This measure comes at a time when the safety of information is most fragile, particularly as many employees work from home and/or hold confidential information on personal computers or devices. APRA executive board member Geoff Summerhayes has emphasised ‘it is only a matter of time before a major financial institution is hacked’ and, without proper countermeasures in place, this is bound to land a devastating blow on the financial industry.

APRA has ordered financial institutions to engage in external and independent compliance audits to ensure boards and management remain accountable in the event of a breach. Moreover, underlining the seriousness of this issue, APRA has indicated that it will not hesitate to take formal action where financial institutions are unable or unwilling to adhere to the policy changes.

Both APRA-regulated organisations and their suppliers, particularly those involved in the provision of software-as-a-service to financial institutions, should thoroughly review the policy changes.
