Financial regulator wants stronger cyber security for the industry
Australians are at risk as cyber criminals become savvier and bolder.
The Australian Prudential Regulation Authority (APRA) recently developed its first cyber-security standard, which would require APRA-regulated financial service providers to shore up their systems.
The new set of measures is titled Information Security Management and is designed to help regulated entities avoid data breaches and respond more swiftly when breaches do occur.
Specifically, the measures would require institutions to clearly define the security-related roles and responsibilities of key business stakeholders, maintain a level of security on par with the size of their risk, conduct regular testing to ensure their security is up-to-date, develop timely ways to respond to threats and notify APRA about any security incidents.
According to APRA executive board member Geoff Summerhayes, none of Australia’s regulated entities have yet to experience a significant cyber attack, but that it will happen eventually.
"Cyber security is generally well-handled across the financial sector, but with criminals constantly refining and expanding their tools and capabilities, complacency is not an option. Australian financial institutions are among the top targets of cyber criminals seeking money or customer data, and the threat is accelerating," Summerhayes said in a statement.
In May 2017, the United States experienced one of the largest financial data breaches in history when cyber criminals gained access to sensitive financial data from credit reporting agency Equifax. It affected 147 million people.
APRA doesn’t want that happening to Australians.
"Implementing legally binding minimum standards on information security is aimed at increasing the safety of the data Australians entrust to their financial institutions and enhance overall system stability," Summerhayes said.
APRA plans to finalise the standard by the end of the year and is taking submissions on the new standard until 7 June.