Cyber resilience starts with mindset

What really happens during a cyberattack? And what would you do if you were responsible for leading the response? These questions are at the heart of building the next generation of cyber leaders.

“A cyberattack is fast-paced and multidisciplinary. Multiple teams must work seamlessly to identify breaches, contain threats, communicate with stakeholders and suppliers, and keep the business running - all under pressure.”

Today, cyber security is a strategic priority for every organisation. In a hyperconnected world, resilience is a new currency of trust - customers, partners, and regulators aren’t just asking if we’re secure, but if we’re ready.

The real-world impact of cyberattacks

Cyberattacks rarely stay confined to the digital world. Globally, we’ve seen how an attack can start online and quickly disrupt payment systems, energy grids, or transport networks, impacting everything from paying for groceries, boiling a kettle or catching a train. One weak link can cause global disruption, and recent high-profile incidents have shown that no sector, region, or organisation is immune.

For banks and our customers, the stakes are especially high: trust, continuity, and financial wellbeing are on the line.

Responding under pressure

A cyberattack is fast-paced and multidisciplinary. Multiple teams must work seamlessly to identify breaches, contain threats, communicate with stakeholders and suppliers, and keep the business running - all under pressure. Increasingly, attacks cross from the virtual to the physical world, impacting critical infrastructure and daily life.

At ANZ, we take an all-hazards approach to resilience because the threats we face - cyber, physical, and human - are interconnected. We work closely with government agencies, industry peers, law enforcement, and technology partners to ensure our teams are trained, systems are tested, and response plans align with national security priorities.

Our participation in cross-industry cyber drills, information-sharing forums, and joint incident response exercises helps us stay ahead of emerging threats and strengthens the broader financial ecosystem.

Remote work and the human factor

Remote working has changed not just where we work, but how we trust. When teams aren’t in the same room, it’s harder to know who you’re really speaking to. Attackers have joined virtual meetings, impersonated staff, and exploited that distance with AI.

Cybersecurity now includes knowing your team, verifying identities, and spotting subtle signs that something might be off. That’s why we’re embedding cyber vigilance into everyday culture. Trust can no longer be assumed, it needs to be actively maintained.

AI: both a threat and a tool

AI is reshaping the cyber landscape. It has democratised deception. What used to be clumsy phishing attempts are now polished, persuasive, and personalised, designed to bypass both technical filters and human intuition.

While AI helps defenders spot threats faster, it also enables attackers to scale deception and disruption. We’re investing in AI-powered detection tools and doubling down on education, because the human firewall remains our strongest defence. Our teams also work to secure AI systems themselves, ensuring that innovation doesn’t become a new avenue for attack.

Continuous improvement, innovation, and collaboration

Cyber threats don’t stand still, and neither do we. We proactively test our defences, learn from every incident, and invest in new technologies to stay ahead of emerging risks. Red team exercises, tabletop simulations, and cross-sector drills, help build muscle memory and prepare teams to lead through disruption.

Collaborations with universities, such as the ANZ Cyber Crime Hackathon with Griffith University, help develop future talent and foster innovative thinking. We also participate in industry-wide threat intelligence sharing and partner with global cyber security organisations to ensure our people and processes are ready for whatever comes next.

Innovation isn’t just about technology, it’s about building a culture where every team member is empowered to spot risks, share insights, and drive improvements, supported by a network of partners committed to collective resilience.

Customer impact: protecting what matters most

For our customers, this means stronger safeguards for payments, data, and everyday transactions, so banking can be done with confidence. Our commitment to resilience ensures that, even as threats evolve, our focus remains on protecting the financial wellbeing and trust of our customers.

Workforce readiness: the heart of cyber resilience

Ultimately, cyber resilience starts with mindset and is built on the readiness of our workforce. Technology and processes are vital, fostering a culture of vigilance, and partnering across industry and education, ensures we are ready to respond to real-world threats and protect what matters.

Dr Maria Milosavljevic is Chief Information Security Officer at ANZ