CPS 230 Report
Access exclusive insights from the CPS 230 June 2025 Survey Snapshot, examining how 20 leading Australian financial services organisations are tackling CPS 230 Operational Risk compliance and aligning it with CPS 234 Information Security requirements. Learn about industry-wide approaches, key challenges, and practical solutions directly from CISOs across banks, insurers and superannuation funds. Published by Continuity Circle and Lotis, this snapshot offers actionable intelligence to strengthen your operational risk program and support business resilience.

Frequently Asked Questions About the CPS 230 CISO Survey Snapshot
Who should download the CPS 230 Programs Benchmark Report?
This report is essential for CROs, COOs, CISOs, risk managers, compliance professionals, and operational resilience teams working in Australian banks, insurers, and superannuation funds, as well as service providers supporting APRA-regulated entities.
What unique insights does the report provide?
The report reveals real-world approaches to CPS 230 compliance and its integration with CPS 234, and details the diversity in BIA practices, supplier management, and criticality ratings. It also highlights industry challenges and better practices, drawing on direct survey responses from 20 organisations.
How was the survey conducted?
The survey was conducted in May 2025 by Continuity Circle and Lotis, gathering responses from 20 CISOs in financial services and two major service providers. The findings were published in June 2025 and cover several areas relevant to the interplay between CPS 234 and CPS 230 programs.
Why is this report important for operational risk and cybersecurity programs?
With APRA’s CPS 230 now active and programs in their BAU stage, the report provides practical benchmarking and identifies common pitfalls that should be addressed for sustainable programs. Operational resilience programs will evolve over time, and this data can help reshape operational risk frameworks to achieve sustainable compliance and resilience.
What will I learn about supplier and resilience challenges?
You’ll discover how organisations are handling supplier tiering, business impact assessments, disaster recovery, and business continuity testing under CPS 230. Real-world challenges and solutions around supplier management and resilience program scaling are detailed from CISO perspectives.
