The industry is overwhelmingly in favour of introducing baseline cybersecurity standards and improving the regulatory framework to address industry-specific risks.
The GNGB (Gateway Network Governance Body) and PwC Australia have released a new report revealing that the superannuation industry is overwhelmingly in favour of having baseline cybersecurity standards introduced in the sector.
The report presents the findings from a national research study undertaken by the GNGB and PwC, drawing from the views of more than 80 executives and professionals from across the superannuation industry.
When asked what could be improved in existing regulatory frameworks and standards to enhance cyber resilience in the industry, 92 percent of respondents indicated that they wanted baseline standards to be introduced.
Meanwhile, 85 percent of respondents said that existing frameworks and standards should be aligned and streamlined, and 75 percent agreed that these should be tailored to address industry-specific development and threats.
The superannuation ecosystem in Australia comprises a significant number of organisations, including large financial institutions and micro-businesses, with its data supply chain made up of accountants, bookkeepers, clearinghouses, gateways, administrators and others, the report says.
“In such a complex and interconnected ecosystem, each organisation is a potential source of cyber vulnerabilities that can be introduced via a multitude of pathways. It is critical that all participants in this ecosystem play a part in collectively building cyber resilience across the ecosystem.”
The report highlights a lack of accountability for end-to-end cybersecurity resilience across the Australian sector. “Due to the ecosystems’ complexity and highly networked environment, organisations, third parties and members do not always clearly understand their responsibilities.”
The study found that 62 percent of respondents cited limited understanding of cyber risk among senior management as a limitation in managing cyber risks. It also found that 72 percent of respondents indicated the ecosystem should work together to clarify accountabilities and responsibilities related to managing cyber risk.
The report says all stakeholders in the superannuation ecosystem should ideally have minimum cybersecurity controls in place, and that the industry needs a systematic process for sharing cyber threat and incident intelligence.
In addition, the report calls for “a well-rehearsed and coordinated ecosystem-wide approach” for responding to cyber incidents, including continual testing and improvement.
The GNGB and PwC recommend the establishment of an industry working group that sets out terms of reference and timeframes to achieve cybersecurity goals.
The full report by PwC and GNGB is available here.