Data Security & Privacy

Suncorp is committed to protecting the privacy of our customers’ personal information and preventing financial crime. Where there are clear benefits and protections for consumers, Suncorp also supports greater access to data.

Cyber Security

Customers are increasingly using digital channels to manage their finances and our people rely on technology to manage the day-to-day operations of our business. Protecting and managing data is critical to maintaining the trust and confidence of our stakeholders, and building the resilience of our business.

Suncorp has a suite of security technologies and processes in place to protect our customers and our organisation from data security threats. These are designed by a dedicated Security function within our Chief Information Office. The Technology Risk Management Committee provides oversight and visibility of cyber risk and ensures alignment with our risk appetite and broader Enterprise Risk Management Framework (ERMF).

Suncorp implements measures including robust firewall protection, automatic security features and real-time fraud monitoring to detect threats, and works closely with the banking industry, the Australian High-Tech Crime Centre and the Australian Federal Police. Our Fraud Detection Team ensures we respond immediately to suspicious account activity and provides early detection of potential cases of fraud. We are members of the Australian Computer Emergency Response Team (CERT Australia), which notifies companies of online criminal activity globally.

Suncorp has an established incident management plan that includes disaster recovery and business continuity. A dedicated Critical Incident Management team responds to and mitigates against critical IT incidents and the Suncorp Incident Response Team coordinates communications and response activities. 

Suncorp’s Internal Audit team regularly conducts information and cyber security audits across operational, policy, and governance aspects. The Suncorp Board has ultimate responsibility for cyber security and cyber risks are reported to them at least quarterly through the Board Risk Committee.

Suncorp’s Privacy Policy

Suncorp’s Privacy Policy Suncorp’s Privacy Policy sets out how we collect, use, disclose, store and secure personal information. Our people complete mandatory privacy training annually to help embed a strong risk culture and promote privacy awareness. In February 2018 the Notifiable Data Breaches scheme commenced, which mandates organisations to notify affected individuals of a data breach that is likely to result in serious harm. Suncorp has reviewed its processes and procedures to ensure compliance with this scheme.