Super funds unite to boost cyber defences

Superannuation funds ramp up collective efforts to counter rising cybercrime, updating standards and sharing intelligence across the industry.

Australia’s superannuation sector has intensified its joint response to cybercrime and scams through two cross-industry initiatives aimed at strengthening defences and improving the protection of member data.

The Australian Superannuation Cyber Security Forum, launched in March 2024, and the Scam and Fraud Prevention Exchange, which began in May 2025, now bring together more than 30 funds and related organisations from across the superannuation ecosystem.

Both initiatives encourage active collaboration between funds, administrators, and industry service providers to exchange intelligence and coordinate responses to emerging threats.

Participation is open to senior cyber security and financial crime specialists from both FSC and non-FSC member funds, with regular in-person meetings and ongoing information sharing via real-time communication channels.

FSC chief executive officer Blake Briggs said super funds remain an attractive target for increasingly sophisticated criminal activity.

“In 2023/24, 11 per cent of the 1,100 cyber security incidents that the Australian Signals Directorate responded to related to critical infrastructure, which includes superannuation funds,” Briggs said.

“This means superannuation funds cannot let their guard down when it comes to cybercriminals and scams.”

He said a major industry incident earlier this year underscored the importance of a coordinated approach.

“Although most funds have good defences in place, cyber criminals are becoming increasingly sophisticated and funds must adopt a mindset of continuous improvement. Sharing information, insights and lessons is what helps superannuation funds improve their practices in safeguarding superannuation customers.”

Over the past year, the forums have met 12 times to address issues spanning cyber risk, fraud, and scams, while also engaging with government agencies such as the Australian Signals Directorate, Home Affairs, and financial regulators.

Participants have received briefings from domestic and international experts on threat intelligence and response strategies.

Originally created by the FSC, both forums have since been de-branded to encourage broader participation across the sector.

They are now governed by steering committees representing both FSC and non-FSC member funds, with membership offered free of charge to funds and their representative associations.

In parallel with these collaborative efforts, the FSC has revised its Scam and Fraud Mitigation Standard to strengthen consumer safeguards.

The updated standard requires funds to apply multi-factor authentication on high-risk transactions, such as changes to payment or contact details — a measure that has proven effective during the April industry-wide incident.

The revised standard accelerates the implementation deadline for full multi-factor authentication coverage to 1 August 2025, aligning with APRA’s expectations. Compliance with FSC standards is mandatory for member funds, while other funds are encouraged to adopt them as best-practice guidance.