
Superannuation: Navigating cyber challenges in an increasingly digital world – 2022 edition

Going beyond traditional prevention, detection and response procedures

Over the past decade, cybercrime has affected financial institutions and their consumers with increasing sophistication, frequency and impact. Large account balances, low member engagement and low cyber maturity make the superannuation (super) industry an attractive outlier for cyber criminals, leading to a growing cybercrime challenge for the industry.

Over the past few years, increasing digitisation has made the super industry, which holds Australia’s 3.4 trillion dollars’ worth of assets, a lucrative target for cyber criminals. Large account balances, low member interactions and cyber maturity that is yet to be enhanced across both Trustees and Administrators generally imply a big payday for malicious actors.

While helping the Australian Super community navigate the challenges posed by cyber criminals, the Deloitte Cyber Intelligence Centre has observed organised crime groups sharing and trading information specific to superannuation funds on the dark web.

As awareness spreads, we have also observed the trading of credentials referencing specific wealth balances as cyber criminals seek to maximise value at each stage of the dark web supply chain. A number of similarities between events were identified, which would be explained by the sharing of tradecraft and/or a consortium working in collaboration.

More frequent and sophisticated cyber attacks mean that the superannuation sector (Trustees and Administrators) needs to take a holistic approach to uplifting cyber resilience capabilities by implementing layered security controls across its people, technologies and process landscape.

In this updated outlook for 2022, we’ve considered:

  • What makes super funds an attractive prospect for cyber criminals
  • Covid-19 superannuation early release scam
  • Self-Managed Super Fund (SMSF) rollover scam
  • Current threat landscape for the superannuation industry
  • The convergence of cyber monitoring and forensic analysis
  • The analytic capabilities to consider
  • Raising the bar in risk management.
