The continued focus on improving member experience and engagement levels by enhancing digital channels and straight-through processing may leave the future of many members’ retirement accounts at risk unless we learn from recent events.

Historically, the super industry has been slower than other industries to adapt to technological change, including in managing cyber risk. This potentially leaves it exposed and vulnerable, given the funds under management and the digital innovation and transformation required to move the industry forward into the future. It is therefore imperative that cybersecurity is now prioritised as a business risk and not just seen as an IT risk, especially as we shift our focus to decumulation, to ensure the industry delivers on its promise to protect and grow the retirement savings of Australians.

It’s everyone’s responsibility to protect member data

Minimising the risk of cyberattacks and fraud for super fund members must work in parallel to building market-leading digital channels.

Staying ahead of potential threats is embedded into the culture at Link Group Retirement & Superannuation Solutions (RSS). Our Analytical Link Exception Reporting Tool (ALERT), developed in 2018, has helped mitigate and prevent well over $70 million in fraud from member balances since its inception. Our philosophy is that it’s everyone’s responsibility to ensure greater protection of member data from beginning to end.

At Link Group we have a unique position in the industry in that we manage 1 in 3 super accounts and therefore have an enormous responsibility to protect more than 38 per cent of Australians’ future retirement savings. We pride ourselves on ensuring fund and member data is available, accurate and kept safe and secure every day – it is one of the most valuable assets we hold.

To ensure its protection, we have implemented a robust control framework and attained ISO 27001 accreditation – a well-recognised international standard for information security that we have upheld throughout our organisation since 2015. The standard is built around an Information Security Management System: a set of policies, procedures, standards and guidelines that provides a systematic framework for managing information security risks.

By embedding security into the DNA of our business, it has become muscle memory and a natural part of the way our people work. We feel confident in managing our security risks because everyone in the organisation is aware of our information security policies and procedures and regularly undertakes comprehensive, practical training and awareness activities to stay vigilant.

It is not just about the technology controls that help protect us, but equally the people and processes that all play an important part in keeping member information and financial assets safe. This same commitment should be displayed throughout our industry and beyond to successfully mitigate the risk of a cyberattack and ensure we all remain resilient.

Security risk – moving from a prevention to resilience mindset

Prevention is important but having your people and organisation ready to act in the event of a successful data breach or disruptive cyberattack should be next on your priority list.

Some would say a breach is inevitable due to the increasing number of cyberattacks occurring each day, which is why it is vital to stress test your response capabilities on a regular basis to ensure everyone understands their role in the recovery process.

We encourage all organisations to understand their respective risks and their regulatory and compliance responsibilities, as well as to aim higher than baseline standards, which should be seen as the starting point and not the destination for effective risk management.

For more on how you can successfully manage and recover from a data breach, don’t miss cyber security expert Troy Hunt’s session ‘Operationalising & communicating during a cyber attack’ at the ASFA 2023 Inspiring Excellence conference.