Complying with APRA Prudential Standard CPS 234

0
[ This article was originally published here ]


Since Australia’s Notifiable Data Breaches (NDB) scheme launched on the 22nd February 2018, the Office of the Australian Information Commissioner (OAIC) noted that there were 964 data breaches1 reported between 1 Apr 2018 and 31 March 2019. This equates to just over 700% increase in data breaches reported compared to the 114 data breaches voluntarily reported in the previous year … a mind-blowing statistic!

With cyber-attacks unwaning, it is not surprising to see that the Australian Prudential Regulation Authority (APRA) released its Prudential Standard CPS 234 for Information Security on 1st July 2019. The objective of CPS 234 is to ensure all APRA regulated entities in the banking, insurance and superannuation industries are prepared to protect against any information security incidents (including cyber-attacks) and are able to respond swiftly and effectively in the event of a data breach.

In particular, Prudential Standard CPS 234 requires that APRA-regulated entities must:

  • Clearly define information-security related roles and responsibilities;
  • Maintain an information security capability that fits with the size and extent of threats to their information assets;
  • Implement controls to protect information assets and undertake regular testing and assurance of the effectiveness of controls; and
  • Promptly notify APRA of material information security incidents

Yet in a recent Thales survey on Data Protection2, only 20% of Australian organisations consider themselves to have a mature cybersecurity programme, with over two-thirds finding challenges with the complexity of cybersecurity solutions and integrating cybersecurity with existing technologies.

But all is not lost! Join us at this webinar where you can:

  • Discuss the key requirements of CPS 234
  • Identify disruptive cybersecurity trends and the implications
  • Learn best practices to protect against data breaches

Presenters:

  • Graeme Pyper, A/NZ Regional Director, Thales

Webinar:

Date: Thursday, 5th September 2019
Time: 1:00PM (Sydney, Melbourne)
Duration: 60 Minutes

Register Now

Don’t worry if you can’t attend the live webinar as you will get a link to the webinar recording that you can watch at your leisure.

And if you have any questions or like to discuss this more, don’t be shy; please do contact us. We’d love to hear from you.

1https://www.oaic.gov.au/resources/privacy-law/privacy-act/notifiable-data-breaches-scheme/quarterly-statistics/ndb-scheme-12%E2%80%91month-insights-report.pdf
2https://www6.gemalto.com/ecosystm-cybersecurity-research