Sense of Security is one of Australia’s most trusted providers of cyber resilience, information security and risk management services.

Latest announcements
© Copyright Sense of Security
Cyber Security Services


APRA CPS 234 is a mandatory regulation issued by the Australian Prudential Regulatory Authority (APRA).

This Prudential Standard aims to ensure that an APRA-regulated entity takes measures to be resilient against information security incidents (including cyber-attacks) by maintaining an information security capability commensurate with information security vulnerabilities and threats.

It requires organisation’s to significantly raise their information security capabilities commensurate with the evolving size and extent of the threats to their assets.

Obligations on entities under CPS 234 include:

  • Clear definition of internal responsibilities for cyber-security, starting at board level
  • Cyber-security capability commensurate with the size and extent of the threats
  • Controls to protect information assets and on-going testing of their effectiveness
  • Notification to APRA of material cyber-security incidents.

“Too often, boards did not get the right information about emerging non-financial risks.”

(Haynes Royal Commission Report 2018)

APRA’s new mandatory regulation specifies new cyber security requirements for APRA regulated entities and brings to the forefront the importance of strong cyber security in the information age.

The key objective is to minimise the likelihood and impact of information security incidents on the confidentiality, integrity or availability of information assets, including information assets managed by related parties or third parties.

The Board of an APRA-regulated entity is ultimately responsible for ensuring that the entity maintains its information security.

Who is affected by CPS 234

CPS 234 applies to all APRA-regulated entities. These include:

  • Authorised deposit taking institutions
  • Private Health insurers
  • Superannuation funds
  • General Insurers
  • Non-operating holding companies
  • Life Insurers
  • Registered financial corporations (RFCs)
  • Friendly societies

Why do we need CPS 234?

The cyber landscape is continually evolving. CPS 234 is a direct response to this changing environment. Today’s top threats include:

  • Payments and card fraud
  • Geo-positional hacking
  • Attacks on financial big data
  • Mobile OS/App vulnerabilities
  • Supply chain attacks
  • Attacks on critical infrastructure.

How can we help?

Thanks to our highly experienced and trained people, we can help your organisation meet the CPS 234 compliance obligations.

Enterprise cyber security review & data governance

It’s essential that an organisation understands where they are in relation to the security of their organisation. This is where an Enterprise Cyber Security Review (ECSR) is beneficial.

Incident Response Readiness Assessment

An Incident Response Readiness Assessment (IRRA) provides you and your stakeholders a clear picture of current capabilities. Importantly, it will identify improvements and provide a roadmap of prioritised objectives.

Vulnerability Management

We can assist with the development of a vulnerability management process through to the selection of appropriate supporting tools.

Penetration Testing

Sense of Security offers that most comprehensive range of testing services in the market. APRA regulated entities generally have large footprint environments both at the network and application layer.

Learn more about

Speak to one of our trusted cyber advisors
on 1300 922 923 or make an enquiry today.