Super Funds Collaborate to Improve Cyber Threat Response Throughout the Industry
We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!
Brief Overview
- ASFA requests ACCC authorization for a platform to share threat intelligence aimed at tackling cyber threats.
- The Superannuation Cyber and Financial Crime Exchange (SuperFCX) is integral to the SC3 framework.
- A recent cyber incident affecting major super funds emphasized the necessity for enhanced communication within the sector.
- ASFA seeks to avert leaks of competitive intelligence while bolstering sector security.
- Feedback on the application is due by April 27, 2025.
ASFA’s Submission to ACCC for Cyber Threat Intelligence Sharing
The Association of Superannuation Funds of Australia (ASFA) has approached the Australian Competition and Consumer Commission (ACCC) for authorization to create a specialized platform for threat intelligence sharing. This initiative follows a series of cyber attacks that impacted the sector last year, highlighting the urgency for a cohesive approach.
The Suggested Superannuation Cyber and Financial Crime Exchange
ASFA’s plan includes the establishment of the Superannuation Cyber and Financial Crime Exchange (SuperFCX), a platform intended to promote the sharing of threat intelligence among its members. The focus will be on disseminating information regarding threat patterns, strategies, and technical indicators, while specifically excluding any data that may influence competitive factors such as pricing or business strategy.
Framework and Coordination Activities
SuperFCX is part of the overall SC3 framework, which seeks to bolster the superannuation sector’s capacity to respond to cyber threats through four essential pillars. ASFA is also developing a sector incident response guide and intends to carry out sector response drills to enhance coordination during cyber events.
Insights from the April 2025 Cyberattacks
The call for a synchronized threat intelligence platform follows a major credential-stuffing attack in April 2025. Prominent super funds such as AustralianSuper and Hostplus were targeted, resulting in financial losses and illustrating communication shortcomings that the SC3 intends to rectify.
Filling Communication Gaps
Mary Delahunty, CEO of ASFA, remarked on the lack of a reliable communication channel during the attacks, which led to uneven information dissemination and increased member anxiety. The SC3 framework strives to resolve these challenges by establishing a coordinated response system.
Concerns Surrounding AI and Sector Resilience
Delahunty also raised issues regarding the potential exploitation of AI models, referencing Anthropic’s choice not to deploy its latest model because of possible cybercrime threats. The superannuation sector must heed similar alerts to protect sensitive customer information.
Comparison with AFCX
SuperFCX is similar to the Australian Financial Crimes Exchange (AFCX), launched in 2016 as a cooperative, real-time intelligence-sharing platform among financial institutions.
Conclusion
ASFA’s initiative to create a dedicated threat intelligence sharing platform aims to reinforce the superannuation sector’s response to cyber threats. By seeking ACCC approval, ASFA aspires to cultivate an environment of collaboration where threat trends and intelligence can be exchanged securely, without compromising competitive positions.