APRA entities among 'top global cyber targets'

Australian financial institutions are among the top global cyberattack targets, according to an APRA board member.

Geoff Summerhayes, APRA executive board member, said that APRA-regulated entities are a major target for cyber criminals because of their wealth and technology take-up.

“Australian financial institutions are among the top global targets for cyber criminals,” Summerhayes said. “Australia is targeted due to its relative wealth and take-up of digital technologies, while financial institutions are attractive to criminals seeking money or personally identifiable information on customers – something insurers hold in spades.

“Taking all of this into account, APRA views cyber risk as an increasingly serious prudential threat to Australian financial institutions. To put it bluntly, it is easy to envisage a scenario in which a cyber breach could potentially damage an entity so badly that it is forced out of business.”

Summerhayes, speaking at the Insurance Council of Australia Annual Forum, told attendees that APRA considers the chance of a financial institution being put out of business due to a cyberattack “remote” but “it is no longer beyond the realms of possibility.”

“Despite this, APRA believes cyber security is generally well-handled by the entities we regulate,” Summerhayes continued. “The prudential risk is less due to a lack of preparation by industry than the pervasive nature of the threat.”

While Summerhayes noted that most businesses are prepared, he warned that complacency on cyber security could be fatal for businesses. Summerhayes said firms should look to adopt an “assumed breach posture” to help stay alert to ever-changing threats.

“Adopting an assumed breach mentality will create a sharper focus on incident detection and response capabilities and planning,” Summerhayes said. “This accelerating risk requires a rapid response, but also recognition that your stamina will be sorely tested. The challenge requires ongoing vigilance, improvement, investment and oversight because, though this race has no finish line, it’s not a contest you can afford to lose.”

Summerhayes also announced that APRA would launch its first prudential standard on information security.


  • Tony 13/03/2018 9:44:44 AM
    I agree with APRA that Australian financial institutions are an obvious cyber target. I do think they are missing part of the argument around what happens to the credit risk of a financial institution, banks in particular, if a large proportion of their customer base (particularly SME borrowers) suffer a cyber event at the same time. The inability of a large number of SMEs to comply with their debt obligations as a result of a cyber event is a real risk and one that has largely gone unaddressed by both regulators and the institutions themselves.