realestatebusiness logo

Subscribe to our newsletter

Major cyber breach in finance inevitable: APRA

To date, no APRA-regulated bank, insurer or superannuation fund has suffered a substantial cyber attack, but APRA executive board member Geoff Summerhayes has warned that a lack of awareness among the higher ranks of companies will only make it a matter of time.

The prudential regulator has unveiled its cyber security strategy for 2020-24, which seeks to lift security standards and introduce higher accountability where companies fail to meet their requirements. 

Speaking to the Financial Services Assurance Forum on Thursday (26 November), Mr Summerhayes warned that the financial system is only as resilient to attacks as the “weakest link in the chain”. 

“To date, no APRA-regulated bank, insurer or superannuation fund has suffered a material cyber breach, but our view that it’s only a matter of time until a major incident occurs hasn’t changed,” he said.

“For example, too many boards still lack visibility or understanding of the problems, while internal audit functions can lack the specialist skills to challenge boards and management to plug urgent gaps.”


The surge in online activity through the COVID period has presented a “business opportunity” for scammers and the like. During the course of 16 days through March, the Australian Cyber Security Centre received more than 45 pandemic-themed cyber crime and cyber security incident reports, while the ACCC’s Scamwatch received more than 100 reports of COVID-themed scams.

While there has been no obvious sign of a rise in adversaries targeting banks, insurers or super funds, Mr Summerhayes said the sector should not be complacent – cautioning it can take months or years for some attacks to be detected. 

The Australian financial system has an estimated 17,000 interconnected financial entities, markets and financial market infrastructures that provide products and services to consumers. APRA directly supervises around 680. 

The new cyber security strategy will enable the prudential watchdog to apply a broader set of regulatory tools to cyber, acting with peer regulators and other government agencies, imposing greater accountability on entities that fail to comply with their prudential obligations. 

It has three primary focus areas, including establishing a baseline of cyber controls by enforcing non-negotiable cyber practices, better sharing of cyber information and enabling more effective incident response processes.  

APRA is also seeking to enable boards and executives to oversee and direct correction of cyber exposures, through practice guidance and cyber oversight practices. 

“Cyber risk is hardly a new threat, yet many boards across our regulated population are still not properly equipped to oversee cyber matters and direct corrective action where necessary,” Mr Summerhayes said. 

Internal auditors have also been targeted in the strategy. The regulator has pledged to work with relevant professional bodies such as the Australian Institute of Company Directors, the Risk Management Institute of Australasia and the Institute of Internal Auditors.

Mr Summerhayes reported that the regulator had observed audit committees not knowing how to act when cyber exposures are exposed by internal auditors, an audit committee struggling to interpret the severity of cyber risk findings compared with findings from other areas of the business, and internal auditors that don’t conduct a thorough enough investigation into the state of cyber controls. 

The third branch of the new strategy will see the regulator target weak links within the broader ecosystem and supply chain – part of which will require it to align its requirements for cyber security with the Reserve Bank and ASIC.

[Related: NAB sets up ‘bug bounty’ cyber program]

Major cyber breach in finance inevitable: APRA

Latest News

Making news this week, Volt Bank set to exit the banking industry, APRA confirms banks treatment for home guarantees, Australian outright ho...

From Friday (1 July), 40,000 new places have become available under the federal government’s schemes to help Australians buy their own ho...

The big four banks continue to dominate the mortgage market with three reporting an increase to their home loan books over May, APRA stats r...


Join Australia's most informed brokers

Do you know which lenders are providing brokers and their customers with the best service?

Use this monthly data to make informed decisions about which lenders to use. Simply contribute to the survey and we'll send you the results directly to your inbox - completely free!

Do you think the new NSW property tax will help or hinder first home buyers?

Website Notifications

Get notifications in real-time for staying up to date with content that matters to you.