APRA beefs up cybersecurity standards

The resilience of APRA-regulated entities to cyberattacks is set to increase, after the release of the regulator's new information security standard.

On Wednesday the regulator released the final version of its prudential standard on information security management. The standard requires regulated entities to clearly define information-security-related roles and responsibilities, and to maintain an information security capability matching the size and extent of threat to their information assets.

After releasing a discussion paper in March, APRA said it consulted extensively with industry, which led to the publication of the standard's final form.

APRA executive board member Geoff Summerhayes said cyberattacks on Australia's financial services companies are becoming more sophisticated with time.

"A significant information security breach at an APRA-regulated entity is almost certainly a question of when - not if. In a worst-case scenario, a major breach could even force a company out of business," Summerhayes said.

"As a result, APRA is fast-tracking implementation of this standard, and expects all regulated entities to meet its requirements by 1 July next year."

Summerhayes said that by introducing CPS 234, the prudential regulator was aiming to ensure all regulated entities develop and maintain information security capabilities reflecting the importance of the data they hold.
