On 3 June 2024, the Australian Prudential Regulation Authority (APRA) wrote to all APRA-regulated entities to emphasise its expectations regarding cybersecurity, specifically relating to data backups and protection against data loss.
APRA called for businesses to promptly review and address gaps in any practices which could impede system restoration during the restoration phase of a cyber incident. Referring particularly to “common problems that can limit the usefulness of…backups in restoring systems during an incident”,
APRA has recommended businesses: