The case for CSR/ Sustainability Reporting Done Responsibly


Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Home / case studies / Case study: How ANZ promotes cyber security

Case study: How ANZ promotes cyber security

Founded in 1835 and headquartered in Australia, ANZ provides banking and financial products and services to around eight million individual and business customers, across 34 markets globally. ANZ takes the security of its customers, employees and services very seriously as, when impacted by cybercrime, customers can lose trust in its digital banking products and services.

This case study is based on the 2018 Sustainability Review by ANZ published on the Global Reporting Initiative Sustainability Disclosure Database that can be found at this link. Through all case studies we aim to demonstrate what CSR/ ESG/ sustainability reporting done responsibly means. Essentially, it means: a) identifying a company’s most important impacts on the environment, economy and society, and b) measuring, managing and changing.

Layout 1Abstract

ANZ’s Cyber Defence team proactively scans ANZ systems for vulnerabilities, to prevent malicious activity  Tweet This! and manages threats to minimise impact to customer operations. Additionally, ANZ works to build awareness, through an extensive education and influence programme of work, across employees and customers. In order to promote cyber security ANZ took action to:

  • raise cyber awareness among customers and employees
  • participate in industry collaborations to address the skills shortage in cyber security

What are the material issues the company has identified?

In its 2018 Sustainability Review ANZ identified a range of material issues, such as fairness and ethical conduct, responsible business lending, financial system stability and regulation, climate change, labour rights end employee wellbeing. Among these, promoting cyber security stands out as a key material issue for ANZ.

Stakeholder engagement in accordance with the GRI Standards

The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:

“The organization should identify its stakeholders, and explain how it has responded to their reasonable expectations.”

Stakeholders must be consulted in the process s of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.

Key stakeholder groups ANZ engages with:

Stakeholder Group                Method of engagement


·      ‘Your Say’ Research Community online customer panel

·      Customer research and focus groups

·      ‘Voice of Customer’ platform

·      Customer Advocate Office

·      Complaints Resolution Centre

·      Social media

·      Australian Bankers’ Association (ABA) survey of trust in banks and banking industry reform program



·      ANZ Jam, a bank-wide digital conversation, engaging employees about ANZ’s purpose and values

·      ‘My Voice’ pulse survey of employee engagement

·      ‘ANZ Way’ People Leaders’ quarterly webcasts with CEO and Executive Committee members

·      ‘ANZ Way’ Podcast series

·      Direct communication and formal twice-yearly performance appraisals with line managers

·      ANZ intranet, MAX, a resource for employees to receive updates and information about developments and initiatives at ANZ

·      ANZ’s internal collaboration tool, MAX Connect, which connects ANZ’s people in real-time

·      Meetings with the unions representing ANZ employees, including the Finance Sector Union of Australia and FIRST Union in New Zealand

·      ABA survey of employees about trust in banks and banking industry reform program

Shareholders ·      Results briefings

·      Strategy briefings and other market updates

·      Annual General Meeting

·      Disclosure documents, including results announcements, investor presentations, annual reports and other ASX lodgements

·      Electronic communications and webcasts

·      Dedicated ANZ shareholder website

Government and regulators ·      Regular meetings with political stakeholders, officials and regulators by ANZ’s CEO and senior executives

·      Submissions to parliamentary committee inquiries and other government and regulatory consultations

·      Participation in industry engagement and forums

·      Meetings with trade negotiators regarding free trade agreements

·      Providing information and technical advice on international practices to regulators in developing countries

·      Meetings with departmental representatives responsible for implementation of programs aligned with or co-funded by ANZ

Industry associations ·      Participated in the development and implementation of the industry consumer protection reform program in Australia

·      Participated in industry discussions about sector issues and broad industry strategy

·      Participated on the Business Council of Australia’s (BCA) climate change policy working group

·      Provided input into industry association responses to parliamentary inquiries and government consultations

Non-government organisations (NGOs) ·      Direct engagement with relevant human rights, consumer and environment NGOs and academics

·      Regular engagement with peak bodies for professional community services such as financial counselling

·      Regular partnership meetings with community organisations delivering MoneyMinded, Saver Plus and MoneyBusiness programs

·      Engagement with NGOs providing oversight of key social commitments such as ANZ’s Reconciliation Action Plan, Accessibility and Inclusion Plan and Financial Inclusion Action Plan

·      A regular program of CEO and senior executive meetings with civil society leaders to exchange ideas and discuss material social, economic and environmental issues of mutual interest

·      Consultation with a wide variety of external stakeholders to refine ANZ’s approach to its purpose and with particular focus on financial wellbeing, environmental sustainability and housing

·      External steering committees for flagship programs and research related to financial capability and wellbeing

How stakeholder engagement was made to identify material issues

To identify and prioritise material topics ANZ conducted a survey among both internal and external stakeholders, who ranked material topics according to their importance, and also carried out one-on-one interviews with 29 stakeholders who informed its understanding of the current and future context of each topic.

What actions were taken by ANZ to promote cyber security?

In its 2018 Sustainability Review ANZ reports that it took the following actions for promoting cyber security:

  • Raising cyber awareness among customers and employees
  • In response to the rapid increase in cybercrime, ANZ implemented, in 2018, a range of initiatives to raise the cyber security awareness of both its customers and employees, which included the following:
    • the introduction of ‘TECH Talks’, facilitated by employees within ANZ’s Australian branch network, where cyber security and technology related topics are discussed with customers;
    • presentations to small business, corporate and commercial customers carried out by regional and local bankers as part of a wider series of client engagement sessions;
    • in-application pop-up cyber security messages in the Wholesale Digital Transactive banking platform, which customers must acknowledge before being able to proceed;
    • the launch of a new cyber security alert page on, providing examples of the latest cyber threats that could impact customers;
    • the commencement of a ‘Change Champion’ Cyber Security Ambassador Programme within the New Zealand and Australian Operations teams to improve cyber security capabilities among employees, while also acting as an advocate for cyber security within their respective areas;
    • the implementation of an internal phishing email ‘triage service’ (suspicious email sorting capability) to ensure a timely response to potential cyber attacks on ANZ;
    • the establishment of an executive education programme to improve cyber knowledge;
    • the development of ANZ’s new cyber security campaign to raise awareness on simple steps customers and employees can take to protect their virtual valuables.
  • Participating in industry collaborations to address the skills shortage in cyber security
  • During 2018, ANZ participated in various industry collaborations to help alleviate the skills shortage in cyber security and to support a cyber-smart community. These included:
    • a partnership with Deakin University to sponsor graduate roles into ANZ’s Security Domain to address resourcing gaps, while developing talent;
    • a leadership role through the Australia Women in Security Network (AWSN), which aims to increase the number of women in cyber security across Australia;
    • delivering a research programme to investigate human susceptibility to phishing emails in conjunction with Data61, CSIRO’s (Commonwealth Scientific and Industrial Research Organisation) data, technology and innovation industry body;
    • a partnership with the Australian Computer Academy (Sydney University), ANZ’s Australian banking peers, British Telecom and Aust Cyber (a not-for-profit organisation promoting Australian cyber security industry and innovation) to write the cyber security content for the national digital curriculum for Australian high schools (Years 7–10);
    • collaboration across industry and government to deliver content for Safer Internet Day, National Scams Awareness week, Stay Smart Online week and International Cyber Security month.

Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed? 

The GRI Standard addressed in this case is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data


Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data corresponds to:

  • Sustainable Development Goal (SDG) 16: Promote peaceful and inclusive societies for sustainable development, provide access to justice for all and build effective, accountable and inclusive institutions at all levels
  • Business theme: Compliance with laws and regulations, Protection of privacy


80% of the world’s 250 largest companies report in accordance with the GRI Standards

SustainCase was primarily created to demonstrate, through case studies, the importance of dealing with a company’s most important impacts in a structured way, with use of the GRI Standards. To show how today’s best-run companies are achieving economic, social and environmental success – and how you can too.

Research by well-recognised institutions is clearly proving that responsible companies can look to the future with optimism.

FBRH GRI Standards Certified and IEMA approved Sustainability Course | Venue: London LSE

By registering for the next 2-day FBRH GRI-Standards Certified and IEMA approved Course you will be taking the first step in gaining the many benefits of sustainability reporting.



1) This case study is based on published information by ANZ, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:


Note to ANZ: With each case study we send out an email requesting a comment on this case study. If you have not received such an email please contact us.