The superannuation sector is not exempt from the risks that arise from emerging technology, according to experts, who urge funds to raise the bar on cyber security and literacy.
Speaking at AIST’s 2023 Conference of Major Superannuation Funds, Sandeep Kohli, managing director, APAC CISO, State Street, said fund leaders should look for like-minded people to discuss opportunities and challenges in cyber.
“You must have someone on the board that is cyber literate,” Kohli said.
“Business leaders around the world say there is a 43 per cent chance of an organisation to be hit with a cyber incident.”
The panel noted that mitigating risk meant more than just hiring a cyber risk consultant; rather it required super fund leaders to push for cyber literacy that extends across the entire board.
In order to avoid compromising their operational integrity, they need to drive the importance of cyber security from the top down.
Recently, the Australian Prudential Regulation Authority (APRA) wrote to its regulated entities to reinforce the importance of multifactor authentication to protect sensitive data from cyber attacks. It informed APRA-regulated entities that it is a “material security control weakness” if firms fail to comply.
“As a sector, super is fortunate that APRA had the foresight to consider cyber, so it’s ahead of other sectors,” said Anna Leibel, director of cyber security education platform The Secure Board. “The opportunity for super is that you have those foundations in place.”
According to Leibel, organisations like super funds need more cyber expertise, not just a token cyber security specialist.
“The ultimate responsibility will come back to you [the director] no matter how far you delegate [cyber security],” she said. “[Leaders] have the responsibility to upskill and increase literacy in cyber security.”
The panel highlighted that a solid cyber security strategy is one of the best investments a super fund can make and that investment in this area is worth every cent.
Leibel explained: “Every dollar you spend in cyber is still for the member and the protection for their future. You can help the member to understand the purpose of that spend.”
Earlier this year, industry super fund NGS Super fell victim to a cyber attack that resulted in limited data being taken from its systems, although no super savings were taken.
Speaking to Super Review, the fund’s chief executive and former chief risk officer, Natalie Previtera, said a cyber attack was the biggest risk that had kept her up at night.
“In this day and age, it was a matter of when, unfortunately, and not if,” she said.