Skip to main content
Media Releases

APRA clarifies expectations on cyber security and adequacy of backups

The Australian Prudential Regulation Authority (APRA) has written to all APRA-regulated entities emphasising the critical role of data backups in cyber resilience. This communication is part of APRA's ongoing commitment to supervising cyber resilience across industry, as outlined in its Interim Policy and Supervision Priorities update.

The letter details the common issues observed in backup practices that could hinder system restoration during an incident. APRA expects regulated entities to review their backup arrangements and address any identified gaps promptly.

The letter is available on the APRA website at: Security and adequacy of backups.

The Australian Prudential Regulation Authority (APRA) is the prudential regulator of the financial services industry. It oversees banks, mutuals, general insurance and reinsurance companies, life insurance, private health insurers, friendly societies, and most members of the superannuation industry. APRA currently supervises institutions holding around $9 trillion in assets for Australian depositors, policyholders and superannuation fund members.