The famous 1970’s American criminal Willie Sutton was once asked why he robbed banks. His succinct reply —“because that’s where the money is” —is still relevant today. While old-fashioned heists may have been replaced by cyber-attacks, banks have had decades of experience building their defences, and an industry that has quietly amassed more than $US44 trillion in global assets, is still playing catch-up. This is why APRA’s new Prudential Standard CPS 234 is forcing asset owners—such as pension and superannuation funds—to prepare for information security incidents, which will assist in a swift response in the event of a breach. CPS...