Table of Contents
The cyber threat landscape is rapidly evolving, presenting significant challenges to CIOs, particularly in Australia’s highly regulated financial services sector. Malicious actors are stealthy and their cyberattacks wreak havoc, resulting in severe financial losses, reputational damage, and regulatory penalties, making cybersecurity incident management essential in today’s digitally driven world.
While cyber incidents typically occur within individual companies, there is increasing concern that a major cybersecurity event could disrupt parts of Australia’s financial system. The Council of Financial Regulators (CFR) has recently identified cyber risk as one of the top threats to the nation’s financial system. An incident is considered “systemic” if it significantly disrupts vital functions, preventing the system from operating effectively. Due to their ability to target multiple institutions at once, cyberattacks are more likely than other incidents to have systemic repercussions.
Australia’s financial sector has already experienced some high-profile cyberattacks over the years. For example, Latitude Group Holdings was compromised through a major vendor, believed to be a back-end infrastructure provider, resulting in the theft of approximately 14 million records containing customers’ personal information. Additionally, there have been other worrying incidents, such as Medibank, a health insurance provider that suffered a significant data breach where 9.7 million records were stolen. Beyond Bank, one of Australia’s largest consumer-owned banks, was recently targeted by a distributed denial of service (DDOS) cyberattack.
As the frequency and sophistication of cyber threats escalate across the sector, CIOs must do their bit to protect the industry by enhancing their cybersecurity strategies, moving beyond basic security measures and firewall protection.
The critical role of incident management in reducing impact and recovery time
Cybersecurity incident management involves a systematic approach to preparing for, detecting, responding to, and recovering from cybersecurity incidents. The main objectives include minimising the impact of incidents on business operations, preserving data integrity, and ensuring regulatory compliance. Effective incident management addresses the immediate threats and improves an organisation’s overall security posture by learning from past incidents.
Organisations can effectively contain threats, reduce damage, and restore services with a well-structured response plan. This structured approach helps prevent minor incidents from escalating into major failures that could disrupt essential financial services. That leads us to the critical question – How are mutual ADIs and commercial banks successfully addressing cybersecurity challenges?
1. Increasing cybersecurity spend
Cybersecurity has become a top priority for Australian banks, with spending on security increasing by 6.2 per cent, outpacing global trends. While cybersecurity accounts for 17 per cent of the average bank’s budget in Australia, this is still lower than the 24 per cent spent by banks worldwide.
2. Strengthening cybersecurity leadership
Some of Australia’s banks, such as Bendigo and Adelaide Bank, are making major changes to their leadership teams, focused on increasing their bench strength as the company progresses to its next phase of digital transformation. These changes include increased investments in security capability and setting up a dedicated incident management team.
3. Building institutional resilience
The Cyber Operational Resilience Intelligence-led Exercises (CORIE), led by the Council of Financial Regulators (CFR), tests cyber resilience by simulating sophisticated cyberattacks using real-world tactics and live production systems. To be rolled out progressively over the next few years, this approach challenges institutions to detect, respond, and recover in real-time, offering valuable insights into their strengths and vulnerabilities.
4. Investing in advanced threat-detection systems
Teachers Mutual Bank (TMB) is Australia’s first customer-owned bank to implement anti-scam technology developed by the Commonwealth Bank of Australia (CBA). This system bolsters TMB’s incident response capabilities by identifying and preventing financial scams in real time, allowing for quicker detection and mitigation of fraudulent transactions.
5. Creating a comprehensive incident management strategy for cybersecurity
Australian Mutual Bank has taken significant steps to enhance its cybersecurity posture by implementing a comprehensive incident response plan that includes regular training and awareness programs for its staff. This proactive approach has helped the bank to effectively manage incidents by ensuring that employees are well-prepared to recognise and respond to attacks.
Strengthening cybersecurity through incident management in mutual banks: The need for expert support
Unlike larger banks, mutuals often lack the budgets and resources for robust cybersecurity teams and solutions, making them more vulnerable to attacks. Cybercriminals are likely to target weaker defences, and mutuals’ smaller scale and limited financial capacity makes them prime targets. Additionally, while the shift to cloud-based technologies and APIs helps mutuals meet customer demand for online services, it also creates new risks requiring specialised cybersecurity expertise—skills in short supply.
In summary, all banks and mutual ADIs have a role in protecting their businesses from increasing cyberattacks and in helping protect the industry. As APRA’s new CPS 230 regulatory framework comes into force, mutuals will face even more pressure to strengthen their cybersecurity resilience and compliance. As a trusted partner to the mutual ADI sector for over three decades, Experteq is well-positioned to support mutuals in navigating this evolving landscape, helping them meet regulatory requirements while enhancing their cybersecurity posture to protect against growing threats.