The Australian Prudential Regulation Authority (APRA) has launched a five-year cybersecurity strategy to protect financial institutions and related entities from cyber-attacks. Both APRA regulated organisations and their suppliers, particularly those involved in the provision of software-as-a-service to financial institutions, should thoroughly review the policy changes.