Comparison Overview

Q: Between Commonwealth Bank company and Nationale-Nederlanden company, which one has the best AI Cybersecurity Score ?

Commonwealth Bank company demonstrates a stronger AI Cybersecurity Score compared to Nationale-Nederlanden company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Q: Between Commonwealth Bank company and Nationale-Nederlanden company, which one has experienced more cyber incidents in the past ?

Commonwealth Bank company has historically faced a number of disclosed cyber incidents, whereas Nationale-Nederlanden company has not reported any.

Q: Between Commonwealth Bank company and Nationale-Nederlanden company, which one has experienced more cyber incidents this year ?

In the current year, Nationale-Nederlanden company and Commonwealth Bank company have not reported any cyber incidents.

Q: Between Commonwealth Bank company and Nationale-Nederlanden company, which one has experienced at least one ransomware attack ?

Neither Nationale-Nederlanden company nor Commonwealth Bank company has reported experiencing a ransomware attack publicly.

Q: Between Commonwealth Bank company and Nationale-Nederlanden company, which one has experienced at least one data breach ?

Commonwealth Bank company has disclosed at least one data breach, while the other Nationale-Nederlanden company has not reported such incidents publicly.

Q: Between Commonwealth Bank company and Nationale-Nederlanden company, which one has experienced at least one targeted cyberattack ?

Neither Nationale-Nederlanden company nor Commonwealth Bank company has reported experiencing targeted cyberattacks publicly.

Q: Between Commonwealth Bank company and Nationale-Nederlanden company, which one has experienced at least one vulnerability ?

Neither Commonwealth Bank company nor Nationale-Nederlanden company has reported experiencing or disclosing vulnerabilities publicly.

Q: Between Commonwealth Bank company and Nationale-Nederlanden company, which one holds the most compliance certifications ?

Neither Commonwealth Bank nor Nationale-Nederlanden holds any compliance certifications.

Q: Between Commonwealth Bank company and Nationale-Nederlanden company, which one has the most subsidiaries ?

Both Nationale-Nederlanden company and Commonwealth Bank company have a similar number of subsidiaries worldwide.

Commonwealth Bank

., Sydney, NSW, 2000, AU

Last Update: 2025-11-27

View Profile

Between 750 and 799

http://www.commbank.com.au/

Australia’s leading provider of financial services including retail, premium, business and institutional banking, funds management, superannuation, insurance, investment and sharebroking products and services. We are a business with more than 800,000 shareholders and over 52,000 employees. We offer a full range of financial services to help all Australians build and manage their finances. Connect with us, we'd like to hear from you: facebook.com/commonwealthbank twitter.com/commbank youtube.com/commbank youtube.com/commbankbusiness instagram.com/commbank Our Community Guidelines can be found at: https://www.commbank.com.au/support/social-networks.html For information on our Privacy Policy visit https://www.commbank.com.au/support/privacy

NAICS: 52

NAICS Definition: Finance and Insurance

Employees: 44,898

Subsidiaries: 7

12-month incidents

Known data breaches

Attack type number

View Profile

Nationale-Nederlanden

Pr. Beatrixlaan 35, Den Haag, ., NL, 2595 AK

Last Update: 2025-11-24

Between 750 and 799

http://www.nn.nl

NN Group is an international financial services company, active in 10 countries, with a strong presence in a number of European countries and Japan. Our roots lie in the Netherlands, with a rich history of more than 175 years. With our 15,000 employees, NN Group provides retirement services, pensions, insurance, banking and investments to approximately 18 million customers. NN Group includes Nationale-Nederlanden, NN, ABN AMRO Insurance, Movir, AZL, BeFrank, OHRA and Woonnu. NN Group opened for trading on 2 July 2014 on Euronext Amsterdam under the symbol ‘NN’ after its initial public offering (IPO). For more than 175 years, our company has merged, grown and changed, but the core of who we are has remained the same. At NN Group, we put our resources, expertise, and networks to use for the well-being of our customers, the advancement of our communities, the preservation of our planet, and for the promotion of a stable, inclusive, and sustainable economy. Our purpose is to help people care for what matters most to them. Because what matters to them matters to us.

NAICS: 52

NAICS Definition: Finance and Insurance

Employees: 10,641

Subsidiaries: 7

12-month incidents

Known data breaches

Attack type number

Commonwealth Bank

—

ISO 27001

Not verified

—

SOC2 Type 1

Not verified

—

SOC2 Type 2

Not verified

—

GDPR

Not verified

—

PCI DSS

Not verified

—

HIPAA

Not verified

Nationale-Nederlanden

—

ISO 27001

Not verified

—

SOC2 Type 1

Not verified

—

SOC2 Type 2

Not verified

—

GDPR

Not verified

—

PCI DSS

Not verified

—

HIPAA

Not verified

Incidents vs Financial Services Industry Average (This Year)

No incidents recorded for Commonwealth Bank in 2025.

Incidents vs Financial Services Industry Average (This Year)

No incidents recorded for Nationale-Nederlanden in 2025.

Incident History — Commonwealth Bank (X = Date, Y = Severity)

Commonwealth Bank cyber incidents detection timeline including parent company and subsidiaries

Incident History — Nationale-Nederlanden (X = Date, Y = Severity)

Nationale-Nederlanden cyber incidents detection timeline including parent company and subsidiaries

Commonwealth Bank

Incidents

Date Detected: 05/2018

Type:Breach

Blog: Blog

Date Detected: 6/2016

Type:Data Leak

Attack Vector: Loss of Physical Media

Blog: Blog

Nationale-Nederlanden

Incidents

No Incident

Commonwealth Bank company demonstrates a stronger AI Cybersecurity Score compared to Nationale-Nederlanden company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Commonwealth Bank company has historically faced a number of disclosed cyber incidents, whereas Nationale-Nederlanden company has not reported any.

In the current year, Nationale-Nederlanden company and Commonwealth Bank company have not reported any cyber incidents.

Neither Nationale-Nederlanden company nor Commonwealth Bank company has reported experiencing a ransomware attack publicly.

Commonwealth Bank company has disclosed at least one data breach, while the other Nationale-Nederlanden company has not reported such incidents publicly.

Neither Nationale-Nederlanden company nor Commonwealth Bank company has reported experiencing targeted cyberattacks publicly.

Neither Commonwealth Bank company nor Nationale-Nederlanden company has reported experiencing or disclosing vulnerabilities publicly.

Neither Commonwealth Bank nor Nationale-Nederlanden holds any compliance certifications.

Neither company holds any compliance certifications.

Both Nationale-Nederlanden company and Commonwealth Bank company have a similar number of subsidiaries worldwide.

Commonwealth Bank company employs more people globally than Nationale-Nederlanden company, reflecting its scale as a Financial Services.

Neither Commonwealth Bank nor Nationale-Nederlanden holds SOC 2 Type 1 certification.

Neither Commonwealth Bank nor Nationale-Nederlanden holds SOC 2 Type 2 certification.

Neither Commonwealth Bank nor Nationale-Nederlanden holds ISO 27001 certification.

Neither Commonwealth Bank nor Nationale-Nederlanden holds PCI DSS certification.

Neither Commonwealth Bank nor Nationale-Nederlanden holds HIPAA certification.

Neither Commonwealth Bank nor Nationale-Nederlanden holds GDPR certification.

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Published

Date

2025-11-26

Updated

Date

2025-11-26

Risk Information

cvss4

Base: 7.7

Severity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Published

Date

2025-11-26

Updated

Date

2025-11-26

Risk Information

cvss4

Base: 8.7

Severity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Published

Date

2025-11-26

Updated

Date

2025-11-26

Risk Information

cvss4

Base: 6.3

Severity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Published

Date

2025-11-26

Updated

Date

2025-11-26

Risk Information

cvss3

Base: 7.5

Severity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Published

Date

2025-11-26

Updated

Date

2025-11-26

Risk Information

cvss3

Base: 7.5

Severity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Badge your company to reduce your risk score and your cyber insurance costs!

Comparison Overview

Commonwealth Bank

VS

Nationale-Nederlanden

Commonwealth Bank

Nationale-Nederlanden

Compliance Badges Comparison

Benchmark & Cyber Underwriting Signals

Incidents vs Financial Services Industry Average (This Year)

Incidents vs Financial Services Industry Average (This Year)

Incident History — Commonwealth Bank (X = Date, Y = Severity)

Incident History — Nationale-Nederlanden (X = Date, Y = Severity)

Notable Incidents

No Incident

FAQ

Latest Global CVEs (Not Company-Specific)

CVE-2025-66035

Risk Information

CVE-2025-66031

Risk Information

CVE-2025-66030

Risk Information

CVE-2025-64344

Risk Information

CVE-2025-64335

Risk Information

Badge your company to reduce your risk score and your cyber insurance costs!

Comparison Overview

Commonwealth Bank

VS

Nationale-Nederlanden

Commonwealth Bank

Nationale-Nederlanden

Compliance Badges Comparison

Benchmark & Cyber Underwriting Signals

Incidents vs Financial Services Industry Average (This Year)

Incidents vs Financial Services Industry Average (This Year)

Incident History — Commonwealth Bank (X = Date, Y = Severity)

Incident History — Nationale-Nederlanden (X = Date, Y = Severity)

Notable Incidents

🔒 Incident : Breach COM423251223

🔒 Incident : Data Leak COM234728722

No Incident

FAQ

Between Commonwealth Bank company and Nationale-Nederlanden company, which one has the best AI Cybersecurity Score ?

Between Commonwealth Bank company and Nationale-Nederlanden company, which one has experienced more cyber incidents in the past ?

Between Commonwealth Bank company and Nationale-Nederlanden company, which one has experienced more cyber incidents this year ?

Between Commonwealth Bank company and Nationale-Nederlanden company, which one has experienced at least one ransomware attack ?

Between Commonwealth Bank company and Nationale-Nederlanden company, which one has experienced at least one data breach ?

Between Commonwealth Bank company and Nationale-Nederlanden company, which one has experienced at least one targeted cyberattack ?

Between Commonwealth Bank company and Nationale-Nederlanden company, which one has experienced at least one vulnerability ?

Between Commonwealth Bank company and Nationale-Nederlanden company, which one holds the most compliance certifications ?

Between Commonwealth Bank company and Nationale-Nederlanden company, which one holds the fewest compliance certifications ?

Between Commonwealth Bank company and Nationale-Nederlanden company, which one has the most subsidiaries ?

Between Commonwealth Bank company and Nationale-Nederlanden company, which one has the largest number of employees ?

Between Commonwealth Bank and Nationale-Nederlanden, which company holds both SOC 2 Type 1 certifications ?

Between Commonwealth Bank and Nationale-Nederlanden, which company holds both SOC 2 Type 2 certifications ?

Which company is ISO 27001 certified — Commonwealth Bank or Nationale-Nederlanden ?

Which company is PCI DSS compliant — Commonwealth Bank or Nationale-Nederlanden ?

Between Commonwealth Bank and Nationale-Nederlanden, which company complies with HIPAA regulations for healthcare data ?

Between Commonwealth Bank and Nationale-Nederlanden, which company complies with GDPR requirements ?

Latest Global CVEs (Not Company-Specific)

CVE-2025-66035

Risk Information

CVE-2025-66031

Risk Information

CVE-2025-66030

Risk Information

CVE-2025-64344

Risk Information

CVE-2025-64335

Risk Information