investor daily logo

Big four come out swinging on cyber

By Lachlan Maddock
4 minute read

One of the more surprising revelations of last week was the fact that the big four have been toughening up their cyber security policies.

Banks represent lucrative targets to cybercriminals due to the large amounts of personal and financial customer data they hold, and the majors have previously drawn criticism for their use of outdated IT systems that drastically increase the risks posed by cyber attacks.

But NAB’s strong showing before the standing committee on economics last Friday should dampen fears that the major banks aren’t doing enough to address cyber risks.

“We are active daily in identifying potential threats and shutting them down, and we work closely with all of the authorities across the landscape to assist in that,” interim NAB CEO Philip Chronican told the committee last Friday.


“I haven’t recently had any data, but I know that every day there are attempts to attack our environment and every day we are beating them back.”

NAB CFO Gary Lennon revealed that the bank’s spending on cyber security had tripled to $150 million over the last five years. NAB has also established a cyber security summit for medium-sized business customers to make sure their experience is passed to their customer base. 

ANZ also now employs over 200 people in its cyber security team, with spending in the order of hundreds of millions of dollars.

But CEO Shayne Elliott notes this has pushed attackers towards other vulnerabilities. 

“The point of weakness is customers and/or other parts of the ecosystem, so they’re much more likely to target, sadly, vulnerable people, who are duped into providing access to their accounts through passwords or other things,” Mr Elliott told the vommittee last Friday.

“We’re seeing a rise in that kind of activity as a result of the fact that the bank systems are actually incredibly secure,” he said.

Mr Elliott also touched upon the possibility of state-backed attacks, which are becoming more likely – and more devastating – as more states engage in cyberwarfare. 

“We are constantly monitoring all parts of our network for risk and acting, whether that’s low-level cyber risk, such as amateurs trying to hack in, or whether it’s sophisticated nation-state activity etc,” Mr Elliott said. 

Westpac has also increased their spending and now invests more than $50 million a year to upgrade various cyber security facilities. 

“Relative to a couple of years ago, I feel that we are in pretty good shape; but it is certainly nothing that we can be complacent about,” Westpac CEO Brian Hartzer told the standing committee on 8 November.

“I would also say that there is much more coordination and collaboration across the sector and between the sector and various government agencies to make sure that we share intelligence and continue to help each other to strengthen our protections.”