Cybersecurity Risk Management for APRA-regulated entities

Australian Prudential Regulation Authority (APRA) CPS 230 compliance guidance

Are you ready for the CPS 230 compliance deadline on July 1, 2025? As of this date, all APRA-regulated entities are expected to have brought their operational risk controls into line with the new requirements.

These changes include;

Strengthening risk controls
Improving your business continuity planning
Appropriately managing risks associated with third-party material service providers

So, who do the changes impact?

APRA regulated organisations – APRA is the prudential regulator of the financial services industry, overseeing banks, insurance companies, mutuals, friendly societies and most of the superannuation industry.
Anyone who provides services to banks, insurance companies, superannuation firms and financial planners. This category includes IT providers and financial advisors.

One core area of concern APRA raised is cyber security risk management within CPS 234 – Information Security.

“Early findings from an expansive APRA study on cyber resilience in financial services show there is a need to raise the bar. With the risk cyberattacks pose to institutions and the Australian community, APRA is rigorously targeting areas of non-compliance.”

APRA Insight: Cyber security stocktake exposes gaps (5 July 2023)

In this APRA Workshop, held in partnership with Central West Business, Colton Computer Technologies and NLT Insurance, we will be exploring the key themes within CPS 234, as follows;

Information security controls
The risk of subcontractors
Oversight of contractual arrangements
Assurance through regular testing and breach simulations

You will have the opportunity to ask questions about the guidance, find out more about how to select compliant third-party partners and the role and responsibilities of the board, senior management and others deemed “accountable persons.”

Are you already completely sick of IT? Let Us help!

Call us on 6361 1116

or Send us an email