Directors responsible for cyber security

Financial watchdog APRA has put company directors and boards on notice when it comes to the issue of cyber security.

25 November 2021

In a media release, APRA said with the COVID-related surge in digital technology use and more complex and sophisticated cyber attacks, “the need for boards’ ongoing due diligence in the cyber area is greater than ever”.

The regulator said boards need to strengthen their ability to oversee cyber resilience.

“Ultimately, APRA expects boards to have the same level of confidence in reviewing and challenging information security issues as they do when governing other business issues,” the regulator said.

APRA’s pilot technology resilience data collection involved surveying companies across the banking, superannuation and insurance industries on a number of IT and cyber topics, including IT resourcing, system health, information security capabilities, and disaster recovery statistics.

The survey found that 35% of entities hadn’t tested their backups for critical systems, 22% hadn’t tested their cyber incident response plans and 60% hadn’t assessed their IT service providers’ information security control testing.

Recently, the Australian government issued a paper, Strengthening Australia’s Cyber Security Regulations and Incentives, which also discussed clarifying cyber security expectations such as directors’ duties under the Corporations Act 2001.

The same paper also called for feedback on what cyber security support, if any, should be provided to directors of small and medium companies.

SMEs should have a top-down approach

In a recent interview with Business Australia, Scott McKinnel, country manager for IT security company Tenable, said in smaller businesses there often needs to be better communication between the IT managers, technical experts, and those in the position to make decisions. Also, there should be improved accountability and ownership of cyber risk. This means controls need to be built into business systems and charters.

There are also a number of other changes underway, including a review of the Privacy Act, which includes increasing penalties for data breaches, and introducing a direct right of action for consumers.
