As part of APRA’s Corporate Plan 2020-24, APRA will seek to drive significant improvement in the Australian financial system’s cyber resilience.
Cyber presents one of the most difficult threats to all industries, including banks. One of the banking sector’s highest priorities is to work in partnership with key stakeholders to effectively mitigate cyber threats. Government stakeholders include APRA, the Council of Financial Regulators and national security agencies.
The Australian Government has passed legislative reforms to the Security of Critical Infrastructure Act 2018 to uplift the operational and cyber resilience of critical sectors of the Australian economy, including the banking and financial services sector. The Department of Home Affairs is also consulting on a national Ransomware Action Plan and a Data Security Action Plan.
The ABA strongly supports the Government coordinating with APRA and the Council of Financial Regulators on the implementation of the critical infrastructure reforms. The ABA has highlighted that a harmonised approach, where a single regulator has a clear mandate and a transparent system in place for regulatory coordination, will ensure critical assets in the banking sector are secure and resilient.
APRA’s 2020-2024 Cyber Security Strategy will be critical to delivering APRA’s information security prudential standard and prudential guidance, CPS 234. The Council of Financial Regulators has launched the Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework to test and demonstrate the cyber maturity and resilience of institutions within the Australian financial services industry.