The financial services industry is innovating whilst facing the persistent threat of cyber attacks. It is specifically targeted because it is where money is held, or at least processed, and financial services businesses also hold a lot of identity and related sensitive personal information.
Due to the rising level of risk, regulators are stepping up pressure on the financial services industry to demonstrate strong cyber security. Chief amongst these are APRA and its Prudential Standard CPS 234 for Information Security which will apply from 1 July 2019 and to service providers from 1 July 2020.
Prudential Standard CPS 234 requires organisations to have a structured information security program in place. If you don’t already have one, now is the time. If you already have a capability in place, it is worthwhile reviewing it in accordance with the requirements of Prudential Standard CPS 234 so you know where you stand.
If you’re looking for more detailed guidance, refer to the Australian and International Standard for Information Security Management Systems (AS ISO/IEC 27001), which explains how to implement an information security program covering, for example, asset management, risk management, program evaluation and incident management.
Also, don’t forget about the Australian Privacy Act. A structured information security program will help demonstrate you’ve taken reasonable steps to protect sensitive personal information including customer identity information and financial transactions which both represent sensitive personal information as defined in the Act.
Get in touch to arrange a demonstration, discuss complex requirements or provide feedback.