With cyber events having the potential to damage or even destroy businesses and brands, cyber security is a key business risk and corporate governance issue

Information security and privacy protection are more important than ever.

From 1 July 2019 banking, insurance and superannuation institutions regulated by the Australian Prudential Authority (APRA) will be subject to a new prudential standard aimed at increasing resilience against information security incidents including cyber attacks.

APRA’s Prudential Standard CPS 234 Information Security requires APRA-regulated entities to take a proactive approach to managing cyber security risks and makes it clear that cyber resilience is a board responsibility.

For entities not regulated by APRA, this standard points to new expectations about board responsibility around cybersecurity and privacy issues.

We offer information sessions for Boards and advice on questions that will generate appropriate discussions between board members and management and increase awareness of key cyber resilience issues.