Definition & Explanation

APRA CPS 234

APRA CPS 234 is a prudential standard issued by the Australian Prudential Regulation Authority (APRA) that sets out mandatory information security requirements for APRA-regulated entities, which include banks, insurers, and superannuation funds operating in Australia. CPS 234 requires these entities to maintain information security capabilities commensurate with their threat exposure, to implement effective controls that protect sensitive data, and to respond promptly to cybersecurity incidents. The standard places accountability at board and executive level: organisations must ensure information security risks are appropriately managed across both internal systems and third-party service providers. CPS 234 also mandates systematic testing of security controls and reporting of material cybersecurity incidents to APRA. Compliance with CPS 234 is critical for regulated financial institutions, because it underpins the protection of financial systems and customer data and supports operational resilience against evolving cyber threats.
