Cyberattack on Australian bank could threaten financial system, but risk is low

A successful cyberattack or data breach at an Australian bank could threaten to destabilise the country’s financial system given the interconnectedness and concentration of the sector, however the overall risk of this happening remains low.

Following the Optus data breach, which exposed the personal data of nearly 10 million customers, a S&P Global report into banking cybersecurity found that like telcos, banks are an attractive target for hackers given the amount of personal information they store.

A successful cyberattack or data breach at an Australian bank would threaten to destabilise the country’s financial system, says S&P Global banking analyst Nico DeLange.Credit:Bloomberg

While the overall level of cyber risk for the Australian banking system was low, the report’s author, Nico DeLange, said it was a growing threat for lenders, with regional banks the most exposed.

“Similar to Optus, banks also keep a hell of a lot of personal information and if there is a breach then that could result in some economic losses for institutions,” he said. “They keep more information, therefore their risk of data breach losses is a little bit higher.”

Because banks have direct access to the payment system, it makes them an attractive target.

“If an attacker gets access, and is able to make payments or able to access the payment system, that can have significant consequences.”

DeLange said that cyber risks posed a threat to the stability of the Australian financial system, which is heavily interconnected. The sector is dominated by the big four banks and a successful attack on even one lender could affect the national system.

Many banks also use third-party service providers, and an attack on one of these providers could also cripple banking operations, he said.

This week, the names and email addresses of some NAB and Telstra employees were leaked in a data breach at a third-party provider of reward programs.

The other issue facing the banks is a skills shortage in cybersecurity. The bigger banking players have deeper pockets to retain and attract talent, but smaller players might struggle, DeLange said.

“It is a competition for skills not only between themselves, but also with information technology companies and other companies. With COVID, that also didn’t help just in terms of skilled migration coming into the country.”

Banks with a significant customer base but relative lower revenue numbers, such as several regional banks, have a high risk of a data breach, the report found. Other factors that influence risk could include the number of unique IP addresses a company has, its volume of network traffic, and the popularity of its website.

“Cyber risk is an evolving risk,” said DeLange. “The frequency and sophistication of attacks are on the increase and the banking industry as a collective faces the challenge of combining efforts to manage the risk. Failing to do so could have systemic implications.”

In a research note released on Wednesday, Jarden analysts said that the recent data breach at Optus could have happened to any Australian company given the rise in frequency and severity of cyberattacks. They expect listed companies to lift their focus on and investment in data privacy, cybersecurity policies and risk management plans in the wake of the Optus breach.

They said that the banking sector was aware of the risks of being exposed to cyberattacks and it was an ongoing focus for them.

“We view banks as having amongst the best access to data, both first party and third party via open banking giving them insight into both financial status and spending habits,” they said.

“Whilst data is key for general operations (i.e. lending decisions), outside of this utilisation of data is at different levels for different banks. Notably, whilst not all had externally facing cybersecurity policies, all had cybersecurity programs for customers with a focus on reducing vulnerability to cybercrime. One area all banks have been utilising data is in informing and backing decisions to reduce branch numbers.”

The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.

Most Viewed in Business

From our partners

Source: Read Full Article