Cyber threats are one of the biggest risks organisations face today. A cyber attack has the potential to compromise sensitive data, or even bring operations to a halt and put lives at risk.

CommBank’s Cyber Security team works hard to defend its systems and protect its people and customers from cyber threats, but everyone across the bank plays a bigger role in digital security than you may know.

Cyber security – not just a technology problem and not just a technology solution

Year after year, vendors release reports detailing the high volume of attacks which involve a ‘human element’ – typically something like using a weak password, or inadvertently providing information or access via a phishing email.

If most cyber attacks still require human intervention to be successful – then humans can also stop them, provided they can detect them. 

So, what makes some people really good at detecting the start of a cyber attack? And is this a skill you can learn?

These are just two of the questions the Bank’s Cyber Security Education Team in partnership with Behavioural Data Science expert Alexander Kharlamov is attempting to answer as part of a longitudinal study currently underway.

What is the Cyber Security Behavioural Study?

The Cyber Security Behavioural Study aims to identify how savvy CommBank staff are at identifying cyber risks, and how likely they are to take action concerning a cyber risk.

The team’s goal is to change how we think about cyber security and redesign cyber security training, increasing employees’ readiness to detect and effectively address cyber security threats, particularly concentrating on ‘new’ threats, for which we do not have sufficient historical data.

In the first part of the study, the team wanted to understand what the human cyber risk profile looks like at CommBank to see if the current approach to cyber security training and awareness is targeting the right areas and equipping staff with the knowledge they need to protect themselves and the organisation.

The next phase of the study looked at how well staff can detect an actual cyber attack, with the aim of understanding what types of training are most likely to result in a positive behavioural shift and whether or not this is dependent on individual risk profiles of staff.

Can we become a more cyber resilient workforce?

The next stage of the research is to develop and test different training approaches with study participants. The goal is to turn each employee into a human cyber detection champion, increasing the bank’s overall organisational robustness and resilience to cyber attacks.

An organisation’s staff are at the forefront of its cyber defences. CommBank has many resources that could help your business build a more cyber aware workforce and the results of this study will inform our future guides.

Here are some links to help get you started:

Our behavioural science and cyber security experts

Keith Howard is Chief Information Security Officer at CommBank. Appointed to the role in 2019, he leads the Cyber division for the Group (including CommBank and Bankwest), responsible for keeping the Group and its customer information safe and secure.

Prior to this appointment, Keith led large cross-functional teams delivering transformational change such as the successful SAP upgrade and previously led the Group’s Customer Engagement Platform delivering powerful customer experiences using machine learning.

Before joining CommBank in 2015, Keith delivered technology transformation programmes and managed global teams across multiple industries including petroleum, transport and software, having lived in both the UK and Asia prior to moving to Australia.

Alexander Kharlamov is a behavioural scientist at CommBank. He is a cross-disciplinary scientist combining insights from behavioural science, industrial engineering, cybersecurity, management, data science, and business analytics to help businesses achieve better outcomes, design better systems, and encourage staff and customers to make better choices and have fewer regrets. His core interests include mechanisms of trust, perceived vulnerability, risk perception, behavioural segmentation, social engineering, planning mistakes, naïve interventionism, systemic and algorithmic behaviour.

Alexander has a PhD in Engineering specialising in Behavioural Operations Research from the University of Warwick; a Master's degree in Management specialising in Visual Analytics in Operations Management from Cranfield School of Management and a Master's in Industrial Engineering specialising in Supply Chain Segmentation from the University of Aveiro.

For more information on cyber security, see CommBank Foresight – insights for future-facing businesses.