‘Reputation is the first casualty’: ACSA warns on cyber risk for super funds, custodians

Local institutions need to be prepared for rising cyber threats while keeping both eyes on the reputational damage that can stem from a successful breach, according to the Australian Custodial Services Association.

The Australian Custodial Services Association (ACSA) has issued a warning to custodians and super funds alike on the dangers of cyber-attacks, telling them that they need to construct powerful defences against them and be prepared to rebuild their reputation if those defences fail.

“Superannuation is the main source of retirement income for many people,” J.P. Morgan’s Ugur Keskin said in the report. “You’re impacting their lives if systems are offline and they can’t access their funds, or if a custodian can’t issue an accurate net asset valuation.”

But those defences don’t need to be extraordinarily sophisticated to succeed. Humans are the “primary attack vector” for an organisation; data suggests that 88 per cent of attacks enter through internal staff, and a survey of 50 countries cited in the report found that 103 million people use “123456” as a password, which takes hackers “less than a second to crack”. Solving vulnerabilities like that can save hundreds of millions on security technology investment, but getting people to understand how easily a breach occurs is “remarkably challenging”.

“It’s a link,” said Steven Locke, Northern Trust global chief information security officer. “You click on it and game over. I’ve said that for the last 20 years, and people are still surprised.”

Beyond addressing vulnerabilities in their security, big institutions need to keep an eye on how they publicly respond to a cyber-attack. If they mishandle it, they can see continued disruption and enormous lost value from customer relationships and contract revenue. For super and custodial institutions to which stakeholders entrust their assets and personal data, reputational damage from a breach could be “shattering”.

“In addition to financial loss and reputational damage, diminished goodwill has the most detrimental impact from a cyber breach – and can take years to recover from,” the report says. “This is particularly pertinent for superannuation funds, which want to attract and retain their members for the long term as a trusted financial partner. Importantly, the extent of reputational damage will largely depend on how an organisation manages the aftermath of a breach.”

If “everything is down”, says HSBC’s Rajeev Tummala, “be transparent” by informing stakeholders. Organisations should be as thoroughly prepared as possible for a cyber-attack, with a “strong and well-rehearsed business continuity plan” (BCP) and a communication strategy to control how people hear about it.

“The extent of reputational damage will largely depend on how an organisation manages the aftermath of a breach,” the report says. “Firms with a robust BCP and ongoing dialogue with affected stakeholders are more likely to recover their reputation – even compared to entities that experience a less serious cyber breach.”

The ACSA report comes after APRA hit NGS Super with additional licence conditions after hackers gained access to its system. The new conditions require NGS to hire outside help to provide assurance regarding its remediation activities and conduct an operational effectiveness review.

Lachlan Maddock

Lachlan is editor of Investor Strategy News and has extensive experience covering institutional investment.