People saving for retirement should be assured their superannuation funds and related service providers had cyber defences in place to deal with the recent cyberattack, but would work to improve them, the Association of Superannuation Funds of Australia (ASFA) has stated.
The representative body for the Australian Prudential Regulation Authority-regulated fund sector made the comments in response to attempts last week to penetrate the defences of several super funds, with some of the attacks successful and having an impact on members.
“In a rapidly evolving threat landscape there will always be new and emerging risks, but Australia’s super sector is proactively working together to improve system-wide defences, including through the ASFA Financial Crime Protection Initiative (FCPI),” it stated.
“ASFA convenes a regular sector-wide Cyber Security Threat Intelligence Working Group, which brings together industry leaders from across superannuation to respond to emerging cybersecurity issues.
“Through the FCPI, ASFA will release a toolkit to ensure strong sector coordination in relation to cybersecurity.”
It outlined a range of intervention strategies it has implemented following the attack, including the establishment of a hotline between the superannuation sector, relevant government agencies and related financial services bodies for when similar issues arise.
In addition, it announced it would improve information sharing between funds and critical service providers, including custodians, administrators and technology suppliers, and develop industry-wide frameworks designed to combat financial and cybercrime.
The response to the cyberattack comes less than a week after ASFA apologised for problems with the payment of death benefits.
“The superannuation sector knows we have let down some of our members and their families at a time when they needed us and we are sorry,” ASFA chief executive Mary Delahunty said.
“Trustees need to take utmost care in paying death benefits, but excessive waiting, lack of communication and inconsistent processes are not acceptable.”