Over the past decade, cybercrime has affected financial institutions and their consumers with increasing sophistication, frequency and impact. Large account balances, low member engagement and low cyber maturity make the superannuation (super) industry an attractive outlier for cyber criminals, leading to a growing cybercrime challenge for the industry.
In the past few years, increasing digitisation means the super industry, which holds Australia’s 3.4 trillion dollars’ worth of assets, is becoming a lucrative target for cyber criminals. Large account balances, low member interaction and cyber maturity that is yet to be enhanced across both Trustees and Administrators generally imply a big payday for malicious actors.
While helping the Australian Super community navigate the challenges posed by cyber criminals, the Deloitte Cyber Intelligence Centre has observed organised crime groups sharing and trading information specific to superannuation funds on the dark web.
As awareness spreads, we have also observed the trading of credentials that reference specific wealth balances, as cyber criminals seek to maximise value at each stage of the dark web supply chain. A number of similarities between events were identified, which would be explained by the sharing of tradecraft and/or a consortium working in collaboration.
More frequent and sophisticated cyber attacks mean that the superannuation sector (Trustees and Administrators) needs to take a holistic approach to uplifting cyber resilience capabilities by implementing layered security controls across its people, technologies and process landscape.
In this updated outlook for 2022, we’ve considered: