Common cyber control weaknesses

The Australian Prudential Regulation Authority (APRA) has maintained its heightened focus on the cyber resilience of regulated entities in banking, superannuation and insurance.

It has published a list of common weaknesses it has observed in three areas: configuration management, privileged access management and security testing.

APRA says it expects regulated entities to review their control environment against these common weaknesses. If the review identifies gaps that could materially impact the entity’s risk profile or financial soundness, APRA considers this a material information security control weakness notifiable under paragraph 36 of CPS 234, which requires an entity to notify APRA as soon as possible, and no later than 10 business days, after it becomes aware of a material control weakness it expects it will not be able to remediate in a timely manner.

APRA also recommends that entities conduct regular self-assessments aligned with the sound practices in Prudential Practice Guide CPG 234 Information Security (CPG 234), and adopt relevant mitigation strategies from established frameworks like the Essential Eight.



Author: David Jacobson
Principal, Bright Corporate Law
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.
