Cyber Security Remains a Focus for Australia’s Finance Sector

Protecting sensitive data by having the right security controls in place is of the utmost importance to every organisation. The number of data breaches around the world continues to rise with cybercriminals’ techniques evolving and becoming more sophisticated. In line with that evolution, Australia is implementing new regulations and standards to help protect data and combat threats with the financial sector a particular area of focus.

Australia’s growing cyber defence focus 

In a recent a speech given to the Committee for the Economic Development of Australia, the Australian Prudential Regulation Authority (APRA) Chair Wayne Byres pointed out three critical threats to the financial sector – climate-related risks; governance, culture, remuneration, and accountability (GCRA); and cyber security.  All three risks need to be adequately addressed in order for the financial service industry to remain stable in Australia. Byres outlined specific steps APRA-regulated businesses should take to adequately prepare and plan for long-term strength and resilience. 

Australia has already been focusing on combating cyber threats to its financial systems.  In July 2019, APRA’s first prudential standard, CPS 234, defined standards for APRA-regulated businesses to maintain cyber security controls to protect critical information assets. This included when and how to notify APRA of possible security incidents. A year later, APRA expanded the scope of the CPS 234 standard to include controls related to third-party suppliers that work with APRA-regulated businesses.  

Many questions remain

APRA-regulated entities have been preparing for the arrival of CPS 234 and have taken steps to ensure compliance. But there are still many questions on implementation and obligations on how to secure and manage regulated information assets (either themselves or through third-party partners and vendors). Byres says that the APRA will take a more active cyber security and defense testing regime during 2021. This will include specialists conducting controlled “mock breaches” to test gaps and weaknesses in businesses cyber defences.  

So, what are businesses to do?  

Many businesses are undertaking efforts to comply with APRA’s CPS 234 standard as it continues to evolve. This includes ensuring they have a trusted partner to help them identify and protect against information security vulnerabilities. 

Okta has recently published a whitepaper that outlines how financial institutions may leverage the Okta Service to address the regulatory standards of CPS 234, which includes:

✓ Information security capabilities

✓ Policy frameworks

✓ Information asset identification and classification

✓ Implementation of controls

✓ Incident management

✓ Testing control and effectiveness 

✓ Internal audits

✓ APRA notifications

Trust and Security – How Okta Can Help

A robust and flexible cyber security strategy requires a proven and trusted security partner that can help guide businesses through all the necessary steps needed for various standards.  Trust and security are the key pillars in the foundation of what we do. Okta is here for our customers – all around the world and including Australia.  

Download our paper today and let us help you! 


While this article discusses certain legal concepts, it does not constitute legal advice.  It is provided for informational purposes only.  For legal advice regarding your organisation's compliance needs, please consult your organisation's legal department.  Okta makes no representations, warranties, or other assurances regarding the content of this article.  Information regarding Okta's contractual assurances to its customers can be found at