Super funds unite for cyber security response drill

Australia’s superannuation sector is set to come together this week for a major cyber security drill designed to strengthen collective resilience.

In collaboration with key industry partners, the Gateway Network Governance Body (GNGB) will host Operation Honey Bee II, a sector-wide superannuation cyber security incident response exercise over the week. 

Explaining the exercise’s namesake, GNGB CEO and exercise director, Michelle Bower, said just as honey bees work collectively to protect and maintain the health of their hive, the ability to respond effectively to cyber threats depends on shared responsibility, collaboration, and readiness across the ecosystem.

“We are pleased to be able to provide these opportunities for all types of organisations across the superannuation ecosystem to come together to explore real-world response strategies in a safe, collaborative setting and exercise our collective response capability,” she said.

Building on two previous sector-wide exercises, Operation Honey Bee II brings together representatives from across the superannuation ecosystem, including funds, administrators, service providers, regulators, and government agencies.

The exercise comes amid calls from the Australian Prudential and Regulation Authority (APRA) to the super industry to strengthen their cyber resilience and authentication controls after a series of attacks in March and April targeted individual members during the Superannuation Industry Roundtable last month.

The regulator said those attacks underscored the industry’s attractiveness to threat actors and the need for sector-wide collaboration to protect member trust.

CEO of the Association of Superannuation Funds of Australia (ASFA), Mary Delahunty, commented: “The initiative is designed to strengthen collective cyber resilience, test coordination capabilities and reinforce preparedness for increasingly complex and sophisticated cyber threats.”

Valued at around $4.3 trillion, Australia’s superannuation system is among the country’s most critical financial assets, securing the retirement savings of millions.

The exercise simulated a co-ordinated response to a significant cyber attack, allowing participants to identify strengths, uncover gaps, and test communication and compliance procedures under pressure.

Financial Services Council (FSC) CEO Blake Briggs said: “It is critical that we take these opportunities to train as a sector and ensure we have the strongest possible processes in place to respond to evolving cyber threats.”

The 2025 exercise will focus on evaluating the sector’s collective response capabilities against a complex, evolving cyber threat and was supported by key industry associations.

The drill was facilitated by John Macpherson from Ashurst’s risk advisory practice.