APRA Stresses Importance of Data Backups for Cyber Resilience in Financial Sector


Article: The Australian Prudential Regulation Authority (APRA) has recently issued a letter to all regulated entities, emphasizing the crucial role of data backups in maintaining cyber resilience. This initiative is part of APRA’s ongoing commitment to supervise cyber resilience across the financial services industry, as outlined in its Interim Policy and Supervision Priorities update.

In the letter, APRA details common issues observed in backup practices that could potentially hinder system restoration in the event of an incident. These concerns include inadequate backup frequency, insufficient backup data retention, and ineffective backup testing. The regulator expects all regulated entities to review their backup arrangements and promptly address any identified gaps.

APRA’s jurisdiction covers banks, mutuals, general insurance and reinsurance companies, life insurance, private health insurers, friendly societies, and most members of the superannuation industry. With around $9 trillion in assets under its supervision, APRA’s focus on data backup practices underscores the importance of robust cyber resilience in safeguarding depositors, policyholders, and superannuation fund members’ interests in Australia.