Key points from Executive Board Member Geoff Summerhayes’ speech to the Financial Services Assurance Forum: Lessons for Energy Sellers


Cyber threats are accelerating and evolving rapidly. The COVID-19 pandemic has led to a surge in online activity and remote working, providing more opportunities for cyber criminals to attack. Boards and internal audit functions often lack understanding and expertise in cyber security, leaving organisations vulnerable.

To address this, APRA has released a new Cyber Security Strategy for 2020 to 2024. It aims to:

  1. Establish a baseline of cyber controls including information sharing and incident response. The goal is to address basic cyber hygiene issues, foster collaboration, and ensure organisations are prepared for breaches.
  2. Enable boards and executives to properly oversee cyber risks. APRA will provide guidance and increase scrutiny of cyber governance. Boards need to understand cyber risks and take action. Internal audit functions also need to strengthen their cyber capabilities to properly inform and challenge boards.
  3. Address weak links in the broader financial ecosystem including third-party providers. APRA will work with providers and auditors to strengthen cyber standards and oversight practices. It will also work with other regulators to harmonise cyber regulation across the financial system.

To implement the strategy, APRA will collect more cyber threat data, take a targeted approach to ensuring compliance, conduct independent reviews of organisations, and consider enforcement action if necessary. By sharing information and addressing vulnerabilities, the industry can work together to strengthen cyber defences.

For energy retailers, there are valuable lessons in APRA’s strategy. Like financial services, the energy sector is increasingly digital and connected, with complex supply chains and third-party providers. This expanding ecosystem provides more opportunities for sophisticated cyber attacks that could disrupt essential services.

Energy retailers should focus on:

• Educating and engaging their board on cyber risks to enable effective governance and oversight. Board members need to understand threats, consider worst-case scenarios, and direct resources appropriately.

• Strengthening their internal audit function’s cyber capabilities through recruitment or training. Internal audit needs to rigorously assess cyber risks and controls to properly inform the board.

• Tightening controls and oversight of third-party providers, especially any critical infrastructure providers or sensitive data handlers. While regulation may not mandate this yet, strengthening the weakest links in the supply chain is key for resilience.

• Participating in industry collaboration and information sharing on cyber threats and best practices. By working together, energy retailers can better identify, prevent and respond to cyber attacks.

• Considering an external “health check” of their cyber risk management to identify any major vulnerabilities before an incident occurs. An independent expert review could provide useful insights to benchmark against peers and guidance for improvements.

In summary, while APRA’s strategy is aimed at the financial sector, the themes of governance, collaboration, and vigilance against an accelerating threat apply equally to essential service providers like energy retailers. Taking a proactive approach to cyber resilience is critical for any organisation and industry in today’s connected world.
