APRA clarifies expectations on cyber security and adequacy of backups

The Australian Prudential Regulation Authority (APRA) has written to all APRA-regulated entities emphasising the critical role of data backups in cyber resilience. This communication is part of APRA’s ongoing commitment to supervising cyber resilience across industry, as outlined in its Interim Policy and Supervision Priorities update.

The letter details the common issues observed in backup practices that could hinder system restoration during an incident. APRA expects regulated entities to review their backup arrangements and address any identified gaps promptly.

The letter is available on the APRA website at: Security and adequacy of backups.

/Public Release. View in full here.