Major bank stepping up cybersecurity efforts

In the wake of the Optus breach, banking giant is giving it "enormous attention," exec says

Commonwealth Bank has conducted three external reviews of its cyber and data security in the last year as it races to stay ahead of the increasing severity and sophistication of cyber crime, the bank’s leadership said.

CBA chairman Paul O’Malley was asked by investors at its annual general meeting how the bank was safeguarding its data, The Australian reported. The issue has weighed on Australian businesses since a cyber breach at wireless carrier Optus last month compromised the information of nearly 10 million people.

“In relation to cyber and scams and frauds, I think you hit on one of the biggest issues in Australia and globally today,” O’Malley said. He said cybersecurity was “front of mind” for CBA’s board and management.

“We can’t be complacent … as a bank, we’ve got to make sure we invest more and more and ensure we have the right skills,” he said.

O’Malley’s comments come on the heels of a warning by the Australian Prudential Regulation Authority that an eventual cyberattack on the nation’s financial institutions was inevitable.

Speaking before a parliamentary committee on Monday, APRA chairman Wayne Byres said that while banks have bolstered their defences, they would still eventually be targeted by a cyberattack.

“Financial institutions, at least in a broader context, are quite advanced [in cybersecurity], but what we also know is that, at some point, some sort of event will happen,” Byres said. “It doesn’t matter what sort of defences you put in place. As much as we focus on the defences that have been built and making sure defences and controls are as robust as they can be, it’s equally important to be investing in response capabilities so that you can identify any breaches quickly, limit the damage and work out how you will respond as efficiently and as promptly as you can.”

Rob Whitfield, CBA non-executive director and chairman of the bank’s risk and compliance committee, told investors that CBA was not complacent about the threat, The Australian reported.

“In the last year alone, we had three external reviews where we were able to benchmark CBA’s progress on our cyber program and benchmark ourselves internationally,” Whitfield said. “These reviews – in combination with our penetration testing, our simulation exercises, our frameworks – help us prioritise our resources into protecting the bank. I can assure you that we give it enormous attention.”