As cyber threats grow in scale and complexity, Australia’s regulatory landscape is shifting to ensure that companies take greater responsibility for protecting customers. Singapore has recently introduced a groundbreaking move in this direction: financial institutions and telcos are now mandated to share responsibility for phishing scams. This development has implications for Australia’s own approach to cybersecurity, particularly in sectors where customer trust and data integrity are paramount.

The Singapore Model: A Shared Responsibility Framework

Singapore’s legislation requires financial institutions and telcos to assume joint responsibility for customer losses resulting from phishing scams. This means that when a customer’s account is compromised through a phishing attack, institutions can no longer claim immunity by placing full blame on the end-user. Instead, they are obligated to demonstrate proactive security measures and support customers in avoiding potential threats.

This framework is rooted in the recognition that cybersecurity is a shared responsibility. Financial and telecommunications sectors are key targets for cybercriminals, as these industries manage vast amounts of personal and financial data. Singapore’s approach forces organisations to adopt a higher standard of security, transparency, and accountability, recognising that end-users cannot bear the burden of cyber resilience alone.

What This Means for Australia’s Financial and Telecommunications Sectors

For Australia, the regulatory shift in Singapore serves as both a precedent and a warning. In recent years, the Australian financial sector has faced its share of high-profile data breaches and phishing scams, exposing vulnerabilities in the industry’s cyber defences. With cyber incidents in Australia reported every six minutes, it’s clear that organisations must go beyond traditional measures to protect customer data.

4walls—Australia’s trusted cybersecurity authority—urges Australian regulators and companies to consider a similar approach, which would enforce stronger cyber hygiene practices and elevate industry-wide security standards. Here’s why this shift in responsibility could be essential for Australia:

  1. Enhanced Customer Trust: By sharing the responsibility, financial institutions and telcos can reassure customers that they are protected against phishing threats. This trust is critical, particularly for companies handling sensitive financial and personal information.
  2. Incentivised Security Investment: When companies are held accountable for cyber incidents, they have a strong incentive to invest in better security measures. From advanced threat detection to real-time incident response, a proactive approach helps prevent phishing attacks before they reach the customer.
  3. A Cultural Shift in Cybersecurity: A shared responsibility model promotes a culture of collective vigilance, where both companies and customers understand their roles in maintaining security. By empowering customers and organisations alike, Australia can drive a holistic approach to cybersecurity that benefits the entire ecosystem.

Phishing: A Growing Threat for Australian Organisations

Phishing scams remain one of the most prevalent cyber threats in Australia. These attacks often exploit human error and social engineering techniques to trick customers into sharing sensitive information. In the financial and telco sectors, phishing scams have increasingly targeted customers through realistic, sophisticated emails and messages that mimic legitimate organisations.

In Singapore, the new regulations require organisations to adopt robust anti-phishing measures. Australian companies can adopt similar protections, such as:

  • Advanced Phishing Simulations and Employee Training: Regular phishing simulations help prepare employees to spot potential threats, reducing the risk of internal compromises.
  • Real-Time Threat Detection: By investing in continuous monitoring tools, companies can quickly detect and respond to phishing attempts before they reach the customer.
  • Customer Education Programs: Educating customers about how to recognise phishing attempts and safely interact with their accounts is essential to limiting exposure.

The Role of 4walls: Setting the Standard for Cybersecurity in Australia

At 4walls, we advocate for cybersecurity standards that elevate the resilience of Australian industries. As phishing and social engineering tactics grow more sophisticated, Australian companies need partners who can offer proactive solutions and expert guidance. We support organisations by providing:

  • Cyber Security Dashboards: Our real-time dashboards offer continuous insights into emerging threats, ensuring that companies stay ahead of potential phishing attacks.
  • Cyber Governance Training: Through training and simulations, we prepare executives, boards, and employees to detect and mitigate phishing risks, creating a culture of cyber readiness from the top down.
  • Comprehensive Cyber Assessments: We evaluate organisational vulnerabilities and recommend targeted strategies to reduce phishing exposure, empowering Australian companies to lead in cyber resilience.

Moving Toward Shared Responsibility in Australia

The Australian government has already made strides in enhancing cybersecurity standards with initiatives such as the Critical Infrastructure Risk Management Program (CIRMP) and APRA’s CPS 234 compliance requirements. However, as phishing scams continue to surge, a regulatory framework similar to Singapore’s could further protect Australians by ensuring financial institutions and telcos share responsibility for cybersecurity.

A shared responsibility framework recognises that cybersecurity is not solely an IT issue; it’s a matter of trust and integrity that requires active engagement at every level of an organisation. By adopting shared accountability measures, Australia’s financial and telco sectors can not only meet regulatory expectations but also drive industry leadership in customer protection.


Take the Next Step in Cyber Governance

To support Australian organisations in navigating these cybersecurity demands, we offer a Cyber Governance Principles Webinar. This webinar provides actionable insights on aligning board-level priorities with cyber resilience strategies. Register for your session here.

Explore our Cyber Security Dashboard to see how 4walls is helping Australian companies stay at the forefront of cybersecurity.

Download the 4walls Service Description to learn more about how we can help.