In response to increasingly advanced cyber-crime, on 1 July 2019 the Australian Prudential Regulation Authority (APRA) released the Prudential Practice Guide CPG 234 Information Security (PPG), an updated prudential guidance document which provides directions for APRA-regulated entities to help manage their information security risks.
The new PPG focuses on reinforcing the industry's ability to withstand information security threats and on strengthening its responsiveness to breaches. This comes after an increase in the frequency and sophistication of cyber-attacks made on Australian banks, insurers and superannuation licensees.
In addition to the new guidelines, APRA published a letter in June 2019 responding to submissions on its draft of the new PPG. The letter highlighted the importance of having appropriate oversight of third parties who are involved with an entity's information security, including the service providers who have been engaged by those third parties.
Copies of the new CPG 234 Information Security and APRA's industry letter are available on APRA's website.