Super funds advised to come clean on cyber breaches

Less than a week after the Australian Prudential Regulation Authority (APRA) imposed additional license conditions on NGS Super over a cyber breach, a new white paper is arguing that managing communications to members is key to minimising reputational damage.

The white paper, generated out of a roundtable held by the Australian Custodial Services Association (ACSA), argues that In addition to financial loss and reputational damage, diminished goodwill has the most detrimental impact from a cyber breach – and can take years to recover from.

“This is particularly pertinent for superannuation funds, which want to attract and retain their members for the long term as a trusted financial partner,” it said.

“Importantly, the extent of reputational damage will largely depend on how an organisation manages the aftermath of a breach. Firms with a robust business continuity plan (BCP) and ongoing dialogue with affected stakeholders are more likely to recover their reputation – even compared to entities that experience a less serious cyber breach,” the white paper said.

The white paper points to the fact that reputational damage is the primary consequence of a cyber breach, stating that the impact “can be devastating and ongoing”.

During the roundtable which formed the basis of the white paper, Northern Trusts’s Steve Locke said that Northern Trust is a 130-year-old company and one of the first banks in Chicago, with 200 of the wealthiest individuals on the planet as its clients.

“If we mishandle their data or experience a data breach, it could be catastrophic to our business,” he said.

“For superannuation and custodial institutions, where members and clients entrust both their assets and personal data, reputational damage from a breach could be shattering,” the white paper said.

“Superannuation is the main source of retirement income for many people,” J.P. Morgan’s Ugur Keskin told the roundtable. “You’re impacting their lives if systems are offline and they can’t access their funds, or if a custodian can’t issue an accurate net asset valuation.”