CyberHUB
The rise of cybercrime
Reading time: 2 minutes
As at 31 December 2024 technology solutions and research consultancy Finura Group found the majority of advisers are relying on email to send sensitive documents and information, with 69% of advisers sending documents such as Statements of Advice (SOAs) by email.
The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) is the Australian Government’s technical authority on cyber security. It notes cybercrime involves activities such as compromising emails, business emails, and online banking fraud which currently make up the top three cybercrime types for business.1
According to the ASD’s Annual Cyber Threat Report 2023-2024, Business Email Compromise (BEC) where criminals impersonate business representatives by using compromised email accounts or a domain name that looks like a real business, generated $84million in losses.2
Further, over 1400 reports of BEC made to law enforcement through ReportCyber (part of the ACSC) led to a financial loss which on average, was over $55,000 per incident with most confirmed BEC reports coming from QLD.
Last financial year the ACSC received more than 36,700 calls to its Hotline, an increase of 12% from the previous year. The average cost of cybercrime for a small business increased 8% to $49,600, and for a medium business is estimated at $62,800.
Given more than 27% of licensees are privately owned and made up of 1-10 advisers, cyber incidents are likely to impact a growing number of advisers. Additionally, both these estimates are likely to be conservative given that a business may also be liable for damages to their clients where data and/or privacy has been breached, further blowing out costs.3
The Office of the Australian Information Commissioner’s recent legal action against Medibank alleged contraventions of the Privacy Act with a maximum civil penalty of up to $2,220,000 for each contravention, theoretically equating to a cost to the health insurer of $21.5 trillion. 4
Commenting on the current Medibank Private case where it is alleged the health insurer failed to protect the medical details of 9.7 million Australians following a Russian cybercriminal incident in 2022, Privacy Commissioner Carly Kind said:
“This case should serve as a wake-up call to Australian organisations to invest in their digital defences to meet the challenges of an evolving cyber landscape. Organisations have an ethical as well as legal duty to protect the personal information they are entrusted with and a responsibility to keep it safe.” 4
Resources
- Australian Signals Directorate – https://www.asd.gov.au/
- ASD Annual Cyber Threat Report 2023-2024 – https://www.cyber.gov.au/about-us/view-all-content/reports-and-statistics/annual-cyber-threat-report-2023-2024
- Q4 2024 Adviser Musical Chairs Report Adviser Ratings – https://pro.adviserratings.com.au/docs/Musical_Chairs_Report_2024_Q4.pdf
- Australian Financial Review – https://www.afr.com/technology/medibank-faces-maximum-21-5trn-fine-in-new-cyber-hack-case-20240605-p5jjeg
Learn more about our all-in-one secure client portal
Continue reading
The Regulator’s stance on cyber
Although the Australian Investment and Securities Commission (ASIC) does not prescribe technical standards on cybersecurity, there is an expectation for licensees to address cyber risk as part of their AFS licence obligations, including risk management.
Dive into the conversation
The rise of cybercrime
Cybercrime involves activities such as compromising emails and online banking fraud, which according to the Australian Government’s Australian Signals Directorate (ASD), currently make up the top three cybercrime types for business.
The Regulator’s stance on cyber
Although the Australian Investment and Securities Commission’s (ASICs) does not prescribe technical standards on cybersecurity, there is an expectation for licensees to address cyber risk as part of their AFS licence obligations, including risk management.
Mandating cyber change – A case study
With cyber now listed as a major risk for the company, client portals have enabled Centrepoint Alliance’s adviser network to meet its mandated cyber standard and to facilitate client engagement and security.
Letter box versus inbox – security does differ
Two decades ago, important documents were sent in the mail and stayed in our letter box until we collected it, but this has been replaced with email and cluttered inboxes, leaving it prone to cyber security threats.
Cyber threats – Current response from financial professionals
Despite financial professional’s concern over cyberthreats, most have not acted fast enough and taken advantage of the appetite for change and the tail winds provided by government websites, cyber campaigns and media coverage.
Cyber resilience and its application
Over the past decade, Government and regulators have built a framework of governance for businesses to provide them with a structured approach to cyber-incidents and accountability.
Cyber security quick wins – Tips and techniques
Developing a cyber risk management plan takes some time, but there are some strategies that financial professionals can put in place while it does this, including multi-factor authentication and protecting domain names.
Trends from the US – What does this mean for your business?
Research in the US by Adviser 360 has found advice businesses that fail to invest in technology solutions to be more productive and better able to satisfy their clients, run the risk of being left behind.
How does your digital client experience stack up
Consolidated logins where customers use one login to access a range of services is now the norm and they have become a common way for people to engage with their service providers, setting the standard on client experience.
It’s time to transition to client portals – A case study
With cyber now listed as a major risk for the company, client portals have enabled Centrepoint Alliance’s adviser network to meet its mandated cyber standard and to facilitate client engagement and security.
Imagine the possibilities – Key benefits of client portals
Client portals are fast emerging as a core capability in nurturing safe and secure collaboration between clients and their financial professionals.
Whole of wealth approach with client portals – A case study
An early adopter of client portals, Sherlock Wealth’s Owner and CEO, Andrew Sherlock, said it’s an integral piece of technology that his business uses with many of its clients.
Break the reliance on email – Together, we can make a difference
Financial professionals, as trusted advisers, can take a leadership position in ensuring data security with their clients, leveraging client engagement to provide them with a reason to do it.