Medibank says it should haven’t any issues complying with orders to hold an extra $250 million in capital after a catastrophic knowledge breach.
The Australian Prudential Regulation Authority on Tuesday introduced the brand new capital adequacy requirement will kick in from July 1 and stay in place till Medibank satisfactorily completes remediation work.
It may also conduct a know-how overview specializing in the corporate’s governance and threat tradition.
“This action demonstrates how seriously APRA takes entities’ obligations in relation to cyber risk and that APRA will respond strongly to identified weaknesses in cybersecurity controls,” board member Suzanne Smith mentioned in an announcement.
At least 9.7 million Medibank clients had private data together with names, dates of start, addresses and telephone numbers compromised in the course of the October 2022 knowledge breach.
The measures are meant to expedite Medibank’s remediation program, with additional work wanted to make sure the corporate stays protected from additional knowledge breaches.
“APRA expects Medibank to ensure there is appropriate accountability and consequence management, including impacts to executive remuneration where appropriate,” Ms Smith mentioned.
“I note that Medibank has consistently dealt with APRA in an open, constructive and cooperative way, consistent with our expectation of all regulated entities.”
Medibank chief govt David Koczkar mentioned the corporate takes safeguarding buyer knowledge very significantly and has enough capital of $148m to fulfill the brand new requirement.
“Medibank has continued to strengthen our systems and processes to provide our customers with the security they expect and deserve,” he mentioned in an ASX announcement.
“We will continue to work to enhance our systems and processes even further.
“Our firm stays sturdy and well-capitalised.”
The regulator has repeatedly emphasised the need for financial providers to step up their vigilance and cybersecurity defences.
“Unfortunately, not all entities are heeding these messages as we proceed to determine poor cybersecurity practices and insufficient oversight from boards and administration,” Ms Smith said.
The regulator flagged further action to ensure entities address gaps and weakness in controls.
Medibank shares fell 4.5 per cent to $3.42 by 11am on Tuesday.
Source: www.perthnow.com.au