The RBA’s latest Financial Stability Review listed cyber-attacks as one of the chief non-financial risks to the Australian economy, citing the widespread use of outdated IT systems at Australian banks as one of the vulnerabilities that hackers could exploit.
The RBA also noted that many Australian banks use the same third-party IT systems, creating a systemic vulnerability that could be used to launch an attack on multiple institutions.
Cyber-attacks can impact institutions and customers alike. Customers can have their identities and finances stolen, while institutions may experience reputational damage.
“A successful attack on an institution could even result in a lack of confidence in the banking system more broadly, with potential withdrawals of funds from financial institutions and liquidity issues for the financial system,” RBA assistant governor Michele Bullock told the CBA Global Markets Conference in 2018.
The lack of precise data on cyber-attacks makes it harder to determine where hackers can strike. Few institutions are willing to disclose this information due to the reputational risks involved.
Both Bank of Queensland and AMP have recently experienced data breaches involving third-party providers and contractors. In both instances the personal data of customers was stolen, including drivers’ licences and addresses.
A money-making opportunity?
But cybercriminals aren’t the only ones that stand to gain. In the modern world, where everything from transport systems to houses are networked, cyber security is a massive growth industry.
The global cyber security market is currently worth around $197.1 billion and is likely to increase to $349.1 billion by 2026.
“Cyber security is part of the ‘new world’ economy and it will continue to be critically important the more our lives, and consequently our personal data, move online,” BetaShares CEO Alex Vynokur told Investor Daily in March.
“Demand drivers for the cyber security industry remain strong, and we believe investors will continue to recognise the opportunity to be part of this story and seek investment opportunities that provide access to this sector.”
One growth area for the cyber security industry is the Indo-Pacific, where rapid development of online financial infrastructure has driven demand for the means to protect it.
The Indo-Pacific will account for one-quarter of global cyber security spending by 2026, providing numerous opportunities for Aussie investors to expand their cyber security portfolios.
The ever-evolving nature of cybercrime and a lack of awareness of how it is carried out mean that few institutions are prepared for a potential attack.
“Businesses are a half-step behind,” Bailador CEO David Kirk told Investor Daily.
“You’re constantly trying to stay up to speed, but cybercriminals move a bit faster.”
Large scale cyber theft can employ a number of strategies, including social engineering and phishing, as well as “inside men”, to install malicious software like keyloggers that can be used to harvest passwords and other personal information from financial institutions.
Even the most sophisticated organisations can fall prey to cyber-attacks. Low-tech intrusions can be particularly effective; an Iranian nuclear plant was crippled when an employee inserted a USB infected with a US military virus into one of the plant’s computers.
“We can never give up being as vigilant as possible,” Mr Kirk said.
“Cybercriminals work fast and invest a lot of money and a lot of time to beat cyber security.”