Good businesses know where their risks lie.
At ANZ, when we speak to our customers and other business leaders it’s clear cybersecurity – and the impact of scams and fraud, in particular – is right near the top of every organisation’s list of risks.
The digitisation of Australia’s economy, which rapidly gained pace during the COVID-19 era, has brought innumerable benefits but also increased risk. In recent years few organisations have been unaffected by the threat of cybercrime to their ongoing operations.
The costs for business can be significant. In 2022, PwC said the total annual cost for Australian businesses from cyberattacks could be around $A10 billion annually. One very high-profile recent cybercrime victim put the cost of its data breach at between $A40 million and $A45 million. In July, IBM reported the average cost of a breach in Australian had risen to more than $A4 million.
The reputational cost may be even greater. According to a 2021 PwC survey, 64 per cent of respondents in Australia would consider changing providers in the event they were caught up in a cyberattack on an essential service. Among the millennial and Gen Z generations, that rises to 77 per cent.
But advanced forms of attacks are not the only types that can come with a significant bill. According to a November report from the Australian Cyber Security Centre, the total cost of each cybercrime reported in the country in 2022 rose by an average of 14 per cent – to figures of $A39,000 for small business, $A88,000 for medium business, and more than $A62,000 for large business.
Scams and fraud alone cost Australian citizens $A3.1 billion in 2022, according to the Australian Competition and Consumer Commission – an annual record, and 80 per cent higher than 2021.
In October I wrote about the impact of scams on consumers and the broader economy. The message I shared there was banking, shopping and interacting online free from scams was possible if the right precautions were taken.
The challenge for businesses, particularly at the institutional level, is different - but just as significant. And the lessons on precaution are very similar.
The pace of the modern digital landscape means in many cases businesses can have just hours, or even sometimes minutes, to address incidents which can have devastating impacts on their organisations.
For large companies, business email compromise, a specific type of ‘phishing’, is a clear and present risk. According to the ACAC, self-reported losses thanks to BEC increased to more than $A98 million in 2022. Common BEC scams see bad actors pose as trusted figures – like executives, suppliers or staff members – in a bid to fool recipients.
Rising cyber events, fraud and scams are an insidious problem, and ANZ is working closely with other banks, industries and the government as we tackle the issue. If scammers are to be defeated, the issue must be tackled by the community. Everyone from banks, regulators, law enforcement, social media and the telcos have a role to play.
Australia’s policymakers have taken positive steps. The 2023 Federal Budget included planned spending of $A86.5 million to combat scammers and fraud.
For its part, ANZ has been active, including recently notifying around six million ANZ and ANZ Plus customers about the increase in sophisticated scams and fraud. In the last 12 months, ANZ has prevented more than $A100m from being transferred into the hands of cybercriminals.
To counter the harmful impacts of scams, fraud and data loss, the whole ecosystem needs to be innovative and collaborative in the way we work together.
There’s no single solution or precaution businesses can take to ensure they are safe from cybercrime. Leading businesses take a more holistic view, applying cybersecurity best practice across all elements of their organisations – technology, processes and people.
ANZ’s guidance includes four key preventive measures. The first is to ensure multi-factor authentication is implemented across all systems where available, helping limit unauthorised access and providing certainty around user identity in the battle against fraud.
Indeed, it’s recommended accounts with privileged system access only be used for administrative purposes and be subject to regular reviews.
The next recommendation is to perform regular system backups. This can form a vital part of recovery plans in the event of an incident, particularly one that destroys data or impacts technological performance.
And finally, ensuring systems and software are patched and up to date is critical.
At ANZ, keeping data and payments systems secure is our number-one priority. ANZ runs a security operations centre that operates 24 hours a day, 365 days a year, and is continually evolving its technology and processes to combat the rapidly changing nature of cyberthreats.
To protect our banking infrastructure and reduce the risk of digital security threats we have implemented several innovative controls, including artificial intelligence capabilities, across our security systems. Machine learning and AI help the banks security operations centre ingest over 12 billion data points a day, allowing us to quickly respond to potential events. ANZ has also deployed machine learning to help detect ANZ accounts being used to receive funds from scam victims.
The bank has worked with biometric capabilities to identify anomalies on its digital-banking platforms. We employ sophisticated algorithms to help detect and prevent customer scam losses across multiple payment channels. ANZ has also put in place measures to stop scammers from adopting the ANZ label in text messages.
While ANZ is investing heavily in cybersecurity, all businesses have an equally important role to play in protecting the industry from cybercrime.
At ANZ, we encourage all our customers work with us to increase the security practices in place to protect their banking. The scope of scams and fraud can vary wildly, but the key message on precaution remains the same.
Shayne Elliott is CEO at ANZ
This publication is published by Australia and New Zealand Banking Group Limited ABN 11 005 357 522 (“ANZBGL”) in Australia. This publication is intended as thought-leadership material. It is not published with the intention of providing any direct or indirect recommendations relating to any financial product, asset class or trading strategy. The information in this publication is not intended to influence any person to make a decision in relation to a financial product or class of financial products. It is general in nature and does not take account of the circumstances of any individual or class of individuals. Nothing in this publication constitutes a recommendation, solicitation or offer by ANZBGL or its branches or subsidiaries (collectively “ANZ”) to you to acquire a product or service, or an offer by ANZ to provide you with other products or services. All information contained in this publication is based on information available at the time of publication. While this publication has been prepared in good faith, no representation, warranty, assurance or undertaking is or will be made, and no responsibility or liability is or will be accepted by ANZ in relation to the accuracy or completeness of this publication or the use of information contained in this publication. ANZ does not provide any financial, investment, legal or taxation advice in connection with this publication.