APRA said multiple reviews identified deficiencies in NGS' compliance with its standards on information security.
December 8, 2023APRA's Therese McCarthy Hockey said additional capital requirements will be imposed on entities found to be "significantly wanting" in compliance.
August 26, 2023APRA identified six common control gaps in the first tranche of CPS 234 assessments, and offers recommendations to address them.
July 6, 2023Multi-factor authentication is one of the "most effective controls" an organisation can implement to unauthorised access to a device or network, APRA says.
May 27, 2023APRA to intensify supervision of all entities not meeting CPS 234. Medibank executive pay could be impacted.
November 30, 2022APRA found in a data collection exercise that 60 percent of regulated entities had not assessed IT service providers' information security control testing.
November 25, 2021APRA is piloting a risk culture survey, independent cyber security reviews, and a new data collection exercise on technology and cyber risks.
May 3, 2021Legislation currently before Parliament includes security obligations for entities responsible for critical infrastructure, a list that will be significantly expanded.
March 18, 2021Starting next year, APRA will be asking boards to engage an external auditor to comprehensively review their compliance with CPS 234 on information security.
November 27, 2020APRA has observed areas of common weakness, such as poor cyber hygiene, the lack of a comprehensive security patching regime and poor access management practices.
November 11, 2019