Australia: Published APRA notice on security and adequacy of backups

On 3 June 2024, the Australian Prudential Regulation Authority (APRA) issued a communication to all APRA-regulated entities, stressing its expectations regarding cybersecurity, particularly in relation to data backups and protection against data loss. APRA urged businesses to review and address any gaps in their practices that could impede system restoration during a cyber incident. APRA specifically recommends that businesses periodically conduct self-assessments against the security practices outlined in the APRA Prudential Guide CPG 234 and review their backup arrangements to address common issues that may limit the effectiveness of backups during the restoration phase following a cyber incident.