Complying with APRA Prudential Standard CPS 234

Since Australia’s Notifiable Data Breaches (NDB) scheme launched on the 22^nd February 2018, the Office of the Australian Information Commissioner (OAIC) noted that there were 964 data breaches¹ reported between 1 Apr 2018 and 31 March 2019. This equates to just over 700% increase in data breaches reported compared to the 114 data breaches voluntarily reported in the previous year … a mind-blowing statistic!

With cyber-attacks unwaning, it is not surprising to see that the Australian Prudential Regulation Authority (APRA) released its Prudential Standard CPS 234 for Information Security on 1^st July 2019. The objective of CPS 234 is to ensure all APRA regulated entities in the banking, insurance and superannuation industries are prepared to protect against any information security incidents (including cyber-attacks) and are able to respond swiftly and effectively in the event of a data breach.

In particular, Prudential Standard CPS 234 requires that APRA-regulated entities must:

• Clearly define information-security related roles and responsibilities;
• Maintain an information security capability that fits with the size and extent of threats to their information assets;
• Implement controls to protect information assets and undertake regular testing and assurance of the effectiveness of controls; and
• Promptly notify APRA of material information security incidents

Yet in a recent Thales survey on Data Protection², only 20% of Australian organisations consider themselves to have a mature cybersecurity programme, with over two-thirds finding challenges with the complexity of cybersecurity solutions and integrating cybersecurity with existing technologies.

Sponsorships Available

Sponsorships Available

Sponsorships Available

But all is not lost! Join us at this webinar where you can:

• Discuss the key requirements of CPS 234
• Identify disruptive cybersecurity trends and the implications
• Learn best practices to protect against data breaches

Presenters:

• Graeme Pyper, A/NZ Regional Director, Thales

Webinar:

Date: Thursday, 5th September 2019
Time: 1:00PM (Sydney, Melbourne)
Duration: 60 Minutes

Register Now

Don’t worry if you can’t attend the live webinar as you will get a link to the webinar recording that you can watch at your leisure.

And if you have any questions or like to discuss this more, don’t be shy; please do contact us. We’d love to hear from you.

¹https://www.oaic.gov.au/resources/privacy-law/privacy-act/notifiable-data-breaches-scheme/quarterly-statistics/ndb-scheme-12%E2%80%91month-insights-report.pdf

²https://www6.gemalto.com/ecosystm-cybersecurity-research

Recent Articles By Author

• The Changing Face of Data Security in Australia and New Zealand
• Visit Thales at the Dell Technologies Forum in Sydney: October 1, 2019
• Join Us at the Identity and Access Morning Briefing – August 15, 2019

More from Sek Leong

*** This is a Security Bloggers Network syndicated blog from Enterprise Security – Gemalto blog authored by Sek Leong. Read the original post at: https://blog.gemalto.com/security/2019/08/14/complying-with-apra-prudential-standard-cps-234/