Bank of Queensland: The sector is getting better at sharing information
Bank of Queensland (BoQ) claims to be Australia's seventh largest bank, with business from about one-third of the state. Although the financial services sector in Australia is largely dominated by four major banks, which combined hold a 95 percent share of the industry, BoQ chief risk officer Peter Deans said the sector is getting better at not isolating itself from other players in the area of cybersecurity.
"I think a couple of years ago the banking sector tended not to talk too much to each other about cyber threats -- it was a little bit of a closed shop, certainly within the larger institutions, it was almost seen as a bit of a competitive edge to be safer than the bank or the shop next door," Deans told the SINET61 conference in Sydney last week.
"I think the last couple of years that's completely gone and I think that whole concept of competing trust has gone away."
According to Deans, the past 12 months has seen the sector communicating and sharing more information, including security concerns and threat intelligence. He touched on government playing a part in instigating cross-bank communication.
"What we've seen that has been good in the last 12 months -- and I think government has played a bit part in this -- has been fostering a lot more dialogue and sharing of information that actually is helping us as both an individual participant in the payments and commerce sector, as well as relying on our external business partners and banks we deal with everyday," he said.
"I think there's a lot more acceptance that everyone needs to share and be a lot more open. That's been a pleasing thing for 2017."
However, it's not just finance-related information sharing.
"For us, we're trying to look at ways to make sure that we as an organisation are resilient over the business, so we don't lose customer data and customers' money obviously," he said.
To Deans, businesses in the sector and the critical infrastructure community have come a long way when it comes to information sharing.
"I think in a lot of areas such as cybersecurity, data privacy, the risk appetite is very low, if not nil," he said.
"I think when you talk about critical infrastructure, risk appetite is pretty much near zero."
He said, however, that when an organisation introduces a risk-based approach in-house and conducts risk assessments "everyone does get a little bit carried away".
"You need to really look at the scenarios that happen," he explained. "If something goes wrong when you've adopted a risk-based approach, it's really quite problematic."
For the first half of the 2017 financial year, BoQ reported a 6 percent year-on-year drop in after-tax profit to AU$161 million.
BoQ reported AU$252 million in operating expenses for the six-month period, which included a AU$55 million spend on IT-related initiatives, such as a new application programming interface (API) gateway the bank said will make it easier and faster for BoQ and its partners to develop new mobile capabilities in the future.
A recent report from Capgemini suggested that banks address the "threat of disruption" by combining their strengths with those of fintech startups, with one such method being to open up APIs to other players.
According to the consultancy firm, the future success of banks will require a shift towards a more open banking model, which will result in "uncorking the creativity" of third parties and generating opportunities the industry has not experienced before.