(Bloomberg) -- Australia’s financial institutions must improve their resilience to cyberattacks, the head of the nation’s banking regulator said Tuesday. 

A recent review uncovered a “lack of rigor” in the nature and frequency of security control testing and insufficient board oversight on cyber, John Lonsdale, chair of the Australian Prudential Regulation Authority, said.

“Entities have more work to do,” Lonsdale said in a speech at the AFR Banking Summit in Sydney. “There is a need to continuously raise the bar on cyber preparedness and resilience across banking, insurance and superannuation.”

“APRA is prepared to wield the stick and take enforcement action if necessary,” he added. 

His comments come after a string of high-profile data thefts in Australia raised questions about whether the nation’s companies are sufficiently equipped to handle major attacks. Latitude Financial said yesterday details of about eight million driving licenses were stolen along with over 50,000 passport numbers. 

Lonsdale also said that APRA is spending “considerable time” assessing what went wrong at Silicon Valley Bank and Credit Suisse Group AG, and seeing whether there are lessons for Australia. He stressed, though, that the Australian banking system is strong and resilient, with prudential safeguards above and beyond international minimums.

Australia’s 10 largest banks, in aggregate, passed APRA’s latest severe stress test, Lonsdale said. The exercise looked at how banks would cope in a deep recession where house prices fell nationally by 43% over three years and the offshore funding markets were temporarily closed.

©2023 Bloomberg L.P.