APRA clarifies cybersecurity expectations

Focus on data backup adequacy

By Mina Martin

Prudential regulator APRA has issued a letter to all APRA-regulated entities, highlighting the importance of robust data backups in ensuring cyber resilience.

The communication aligns with APRA’s ongoing commitment to overseeing cyber resilience across the industry, as detailed in its Interim Policy and Supervision Priorities update.

Common issues with backup practices

In the letter, APRA outlined common problems observed in backup practices that could impede system restoration during cyber incidents. APRA expects entities to review and address these gaps promptly.

“APRA has observed common problems that can limit the usefulness of these backups in restoring systems during an incident,” said Alison Bliss (pictured above), general manager of operational resilience at APRA.

Expectations and compliance

APRA has called on regulated entities to evaluate their backup arrangements against identified issues. Any gaps that could significantly affect an entity’s risk profile or financial soundness should be considered a material security control weakness.

APRA stressed the necessity of adhering to the Prudential Standard CPS 234 Information Security requirements.

Ongoing efforts to enhance cyber resilience

APRA continues to stress the evolving nature of cyber threats and the need for continuous improvement in cyber security practices.

“Given the fast-moving nature of cyber threats, APRA will continue to share information on any common areas of weakness in the future,” Bliss said.
