The financial services watchdog has put Medibank Private’s management on notice, flagging it would take further action against the health insurer’s executives if the company’s risk management is found to be inadequate.
The Australian Prudential Regulation Authority (APRA) on Monday said it had intensified its supervision of Medibank in response to the recent cyberattack that exposed its entire customer database. APRA member Suzanne Smith said the regulator had provided its input into the external review announced by Medibank on 16 November to ensure that it will meet APRA’s requirements.
Sensitive Medibank customer data has been leaking onto the dark web.Credit:Getty Images / Louise Kennerley
The external review, to be carried out by Deloitte, will examine the cyberattack, the effectiveness of Medibank’s controls, and its response to the incident.
“While APRA notes Medibank’s constructive response to date, APRA will consider whether further regulatory action is needed when findings of the report become clear,” Smith said.
“APRA expects Medibank to undertake any recommended remediation actions and ensure there is appropriate consequence management, including impacts to executive remuneration where appropriate.”
The prudential regulator’s sentiment echoes that of proxy advisors who have warned that Medibank’s management’s must be held accountable if the Deloitte review deems its handling of the cyberattack to be inadequate.
Before Medibank’s AGM this month, CGI Glass Lewis flagged that board renewal and executive scalps might be needed over the coming year and raised the spectre of executive pay “clawbacks” to account for any executive shortcomings that had allowed the attack to be so damaging.
“It may be the case that in due course, the board and executive team will require renewal to a) bolster its skills and knowledge of cybersecurity and b) show accountability for the loss of privacy to its customers and the loss of value to Medibank shareholders,” CGI said.
Medibank chief executive David Koczkar said the health insurer has been in regular consultation with APRA since the cyber incident. This included consulting on the scope of the external review by Deloitte.
For all the latest Business News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsBit.us is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
