Powered by MOMENTUM MEDIA

Banks must do better on cyber security: KPMG

Changes to the Privacy Act that make it mandatory to report serious data breaches could have grave reputational consequences for financial institutions, says KPMG.

Speaking to Mortgage Business’ sister publication, InvestorDaily, KPMG Australia cyber partner Gordon Archibald said banks and financial institutions are “still being compromised”.

“Banks are still a really big target. But we really don’t know on how big a scale that is because at the moment things are kept pretty confidential,” Mr Archibald said.

As it currently stands, the Privacy Act requires businesses to take reasonable steps to secure personal information they hold, but it does not mandate notification following a data breach.

However, that could change with the passage of the Privacy Amendment (Notification of Serious Data Breaches) Bill 2015, which would make disclosures of security breaches mandatory.

The federal election has created some uncertainty regarding the legislation’s passage, but Mr Archibald expects it to be enacted within six to 12 months.

“Mandatory disclosures with the Privacy Act, if it comes in, will change things. There will be penalties, but the reputation impact will be much more significant,” he said.

As it is, banks are doing their best to protect client data, but there is “no silver bullet”.

“There have been a number of breaches, a number of which haven’t been communicated,” Mr Archibald said.

KPMG’s forensics team has been involved in several internal bank cyber security investigations, but the company is under non-disclosure agreements, according to Mr Archibald.

“Every audit that we do, every penetration assessment, every vulnerability assessment … we’re still finding critical systems missing critical patches,” he said.

Financial institutions are making attacks too easy, with cyber security hygiene “pathetic” in many instances, Mr Archibald said, adding that applications are still being installed with default passwords and security policies are not being enforced.

“Organisations must have cyber top of mind. They should embrace that within business risk rather than it being a fear factor,” he said.

“We really want to see cyber as an enabler – and that’s through having the confidence in your controls to make bold decisions.”
