How trust and resilience will shape AI

People may think of ANZ as a retail bank, but we are the largest wholesale bank in Asia Pacific and are responsible for approximately 60 per cent to 70 per cent of all payments across Australia, NZ and the Asia Pacific region combined.

"Cybersecurity is no longer just about protecting money and data it’s about safeguarding our way of life.”

And yet there’s something we trade in more heavily than money. Without it, none of our Retail, Commercial or Institutional banking achievements would be possible – and that is trust.  

Trust is the cornerstone of everything we do at ANZ. Customers trust us to keep their money safe. Both the security of their money and the protection of it from cyber threats.   

Customers also trust ANZ with sensitive personal and financial information. They rely on us to maintain the confidentiality and integrity of their data, ensuring it is not misused or disclosed without consent. 

This is the foundation of our relationship with our customers. And in 2024, this relationship has never been more fragile. Over the past two years, Australia has witnessed exponential growth in digital technologies.

This has transformed the way we live, work and communicate. Alongside these advancements, however, the threat landscape has also grown more sophisticated and exponentially more nefarious.

Cybersecurity is no longer just about protecting money and data – it’s about safeguarding our way of life.

Wake up call

Recent attacks on many companies – including in Australia – have left us questioning the safety of our financial data. Everything from credit card numbers, passport details, drivers’ licences, email addresses, phone numbers and even loan histories and medical records have been compromised.

These attacks illustrate how cyber-attacks have drastically devolved our online lives and I believe it was a huge wake up call for many of us regarding what data we share on the internet and how we can best protect it.

We are also observing examples of the sensitive and personal information exposed in these major events being exploited by scammers. Whether it helps with crafting more convincing phishing attempts or informs the approach for sophisticated impersonation scams.

This convergence between cyber and scams events not only amplifies the effectiveness of these crimes with malicious actors tailoring their tactics according to the data, but also heightens the importance of cybersecurity.

While a major bank hasn’t yet been breached, it is worth contemplating the ramifications if it were to happen. 

Not just the devastating hypothetical effects to our day-to-day lives; from paying our bills and transferring money to the ability to withdraw cash from an ATM. But also the devastating effect it would have on the stock exchange, our international payment systems, and our economy. 

But again, more importantly, what would it do to peoples’ trust in our banking system? What would happen if people no longer trusted us to hold and move their money?  What would this mean for the fabric of our society? This is what’s at stake for us in 2024.  

And I believe we are at a pivotal moment in cybersecurity and its role in safeguarding that trust. Because the threats are not just advanced, they are transformative and this requires us to constantly adapt. 

Cybersecurity is entering a new era of complexity and sophistication. Significant global data breaches have exposed clear gaps in cyber resilience, with major organisations struggling to recover data and restore processes in a timely manner. 

Global geopolitical events have also intensified the cyber threat landscape, with nation states increasingly engaging in cyber warfare and espionage against Australian targets. These events have complex and sensitive diplomatic implications.  

Supply chain disruptions and security implications of wide-spread adoption of AI are adding to the threat, with cybercriminals leveraging advanced techniques, weaponising artificial intelligence and machine learning to launch more persistent attacks which are more challenging for our teams.  

New opportunities

A global talent shortage is also adding to the challenge. This volatility requires us to adapt our approach to ensure we not only deliver resilience and trust, but also business value through new technology.

And for the record, the use of AI to improve cybersecurity is definitely not new. AI has been used for many years to help interpret and respond to input data. Generative AI on the other hand, is bringing new opportunities.

It is powerful, scalable, and flexible and opens up endless possibilities for industries, including ours, that are dependent on innovation and enhancing the customer experience.    

However, the overwhelming speed at which generative AI is being integrated into our lives means it has the potential to dramatically reshape our digital landscape.

Coupled with the pace of experimentation by organisations, the question is ‘how do we maximise the value and minimise the risks?’ We are focusing on how we get this right so we can ensure the safer and more widespread adoption of AI.    

This includes ensuring our security teams proactively embrace AI, while helping to identify how we can assist our business divisions to embed cyber measures into their AI models to ensure we develop trustworthy, robust and resilient system design.   

While I believe we have some of the best cyber security teams with some of the best technology to detect and respond to malicious activity, I want to stress technology cannot do the heavy lifting alone.

In fact, I believe our greatest line of defence is our people. Cybersecurity requires a security-first culture, both across our organisation and with our customers if we are to help shape a world where people and communities thrive. 

And as the threats we face continuously evolve – education and awareness are paramount. It’s no longer just the responsibility of cyber security departments or even technologists to drive.

We need every individual to play a role in building ANZ’s resilience to keep our systems and data safe and to help preserve the trust of our customers and the wider community. As we navigate the changing cybersecurity landscape, collaboration, innovation and vigilance will be our strongest assets.

Maria Milosavljevic is Chief Information Security Officer at ANZ.