Cyber-attacks send shockwaves through superannuation funds
The fact that cyber-criminals are targeting individual account holders in the country’s biggest superannuation funds is sending shockwaves through the industry – especially for the retirees with the bulk of their savings in APRA-regulated funds who were specifically targeted.
Despite the fact that it appears little money has been lost – AustralianSuper has confirmed $500,000 and announced it will refund the money – it has sent the industry into a tailspin, become a flashpoint in the federal election and has sent funds’ websites crashing as members desperately try to determine whether their accounts have been compromised.
Aside from AustralianSuper, five other funds have been identified as being targeted – the Australian Retirement Trust, REST, Cbus, Hostplus and Insignia Financial’s retail MLC Expand platform. To date, and to the relief of many self-funded retirees, the $1 trillion SMSF sector has remained unscathed (of which more later).
Adding to the funds’ collective embarrassment has been the revelation that they had been repeatedly cautioned about their vulnerability to cyber-attacks. For retirees, this was like rubbing salt in their wounds.
Any doubts about the severity of the cyber-attacks were laid to rest when Australia’s National Cyber Crime Coordinator Michelle McGuinness confirmed this nefarious activity.
In a brief statement, she said: “I am working with agencies across the Australian Government, including with the financial system regulators and with industry stakeholders, to provide cyber security advice and coordinate the whole-of-government response to this incident.
“APRA and ASIC are engaging with all potentially impacted superannuation funds to support safe outcomes for members,” she said. “Super fund members should follow the advice of their superannuation funds: check your accounts, remain engaged with your funds if you are concerned you have been impacted and be vigilant of potential fraud.”
AustralianSuper, the biggest profit-for-member fund with 3.5 million members and $367 billion in member assets at 31 December 2024, confirmed that the crisis was generating a high volume of traffic to the call centre, member online accounts and mobile app that was causing intermittent outages.
“Even though you may not be able to see your account, or you are seeing a $0 balance, your account is secure. This is a temporary situation and we’re working hard to resolve it as quickly as possible. We apologise for any inconvenience.
“Super funds are defending cyber-attacks and identity theft every day and it’s never been more important for members to protect their personal data.”
AustralianSuper chief member officer Rose Kerlin says a recent spike in criminal activity detected by the fund is a timely warning for members to make sure their account details are correct.
“Over the past week, we have seen a spike in suspicious activity across our member portal and mobile app and we’re urging members to take steps to protect themselves online,” she says. “This week we identified that cyber criminals may have used up to 600 members’ stolen passwords to log into their accounts in attempts to commit fraud.
“While we took immediate action to lock down these accounts and let those members know, there are things members can do right now to protect themselves online.”
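The pattern Kerlin describes (stolen passwords replayed against hundreds of accounts) is credential stuffing, and its tell-tale signature on the fund’s side is one source hitting many different accounts in a short window with a low success rate, unlike a single member mistyping their password. The detector below is an added example, not AustralianSuper’s code or anything the fund has described; the log format, the thresholds and the sample records are all constructed assumptions.

```python
"""Credential-stuffing detector over constructed login-audit records.

Added example, not code from any superannuation fund. The record
layout (timestamp, username, source IP, outcome), the 5-minute window
and the 5-account threshold are assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (ISO timestamp, username, source_ip, outcome).
SAMPLE_LOGINS = [
    # One IP walking through a list of leaked credentials: many accounts,
    # one attempt each, a couple of hits where the member reused a password.
    ("2025-04-01T09:00:01", "m1001", "203.0.113.7", "fail"),
    ("2025-04-01T09:00:02", "m1002", "203.0.113.7", "fail"),
    ("2025-04-01T09:00:03", "m1003", "203.0.113.7", "success"),
    ("2025-04-01T09:00:04", "m1004", "203.0.113.7", "fail"),
    ("2025-04-01T09:00:05", "m1005", "203.0.113.7", "success"),
    ("2025-04-01T09:00:06", "m1006", "203.0.113.7", "fail"),
    # A genuine member mistyping their password twice: one account, one IP.
    ("2025-04-01T09:10:00", "m2001", "198.51.100.20", "fail"),
    ("2025-04-01T09:10:30", "m2001", "198.51.100.20", "fail"),
    ("2025-04-01T09:11:00", "m2001", "198.51.100.20", "success"),
    # A shared office IP used by a few members over the morning: distinct
    # accounts, but never enough of them inside one short window.
    ("2025-04-01T10:00:00", "m3001", "192.0.2.50", "success"),
    ("2025-04-01T11:00:00", "m3002", "192.0.2.50", "success"),
    ("2025-04-01T12:00:00", "m3003", "192.0.2.50", "success"),
]


def parse_record(rec):
    """Turn one raw tuple into a dict with a real datetime for sorting."""
    ts, user, ip, outcome = rec
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "ip": ip, "outcome": outcome}


def detect_stuffing_sources(records, window=timedelta(minutes=5),
                            min_accounts=5):
    """Return {source_ip: {"accounts": set, "compromised": set}} for every
    source that touched at least `min_accounts` distinct usernames inside
    any sliding window of length `window`. "compromised" holds the accounts
    that saw a successful login from that source in such a window."""
    by_ip = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        by_ip[r["ip"]].append(r)

    findings = {}
    for ip, events in by_ip.items():
        in_window = defaultdict(int)  # username -> attempts inside window
        start = 0
        for end, ev in enumerate(events):
            in_window[ev["user"]] += 1
            # Slide the left edge forward until the window fits.
            while ev["ts"] - events[start]["ts"] > window:
                old = events[start]["user"]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_accounts:
                hit = findings.setdefault(
                    ip, {"accounts": set(), "compromised": set()})
                for e in events[start:end + 1]:
                    hit["accounts"].add(e["user"])
                    if e["outcome"] == "success":
                        hit["compromised"].add(e["user"])
    return findings


def accounts_to_lock(findings):
    """Accounts that should be locked and the member notified: every
    successful login that came from a flagged stuffing source."""
    locked = set()
    for hit in findings.values():
        locked |= hit["compromised"]
    return locked


def analyse(raw_records=SAMPLE_LOGINS):
    """Run the detector end to end on raw tuples."""
    return detect_stuffing_sources([parse_record(r) for r in raw_records])


if __name__ == "__main__":
    found = analyse()
    for ip, hit in found.items():
        print(f"{ip}: {len(hit['accounts'])} accounts tried, "
              f"{sorted(hit['compromised'])} logged in")
    print("lock and notify:", sorted(accounts_to_lock(found)))
```

The threshold is deliberately on distinct accounts per source rather than on failures per account, which is what separates stuffing from a brute-force attempt on one member. Real campaigns spread the traffic across proxy pools so that no single IP crosses the threshold; in practice this check is paired with per-account signals such as a first login from a new device or country, and with the control Kerlin’s advice points to, multi-factor authentication, which stops a replayed password from being sufficient on its own.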
The attacks could not come at a worse time for some profit-for-member funds that are struggling to handle the increased service demands from members who are either transitioning to retirement or are already in retirement. Their embarrassment over these cyber-attacks has been heightened by the fact that they had been repeatedly warned they were vulnerable to criminal activity.
The crisis also overlaps with the turmoil in global investment markets in the wake of President Donald Trump’s “Liberation Day” announcement (April 2) that imposed tariffs on imports from friend and foe alike. Since his announcement, an estimated $US5 trillion ($8.4 trillion) has been wiped off markets globally.
As mentioned, the SMSF sector has not been impacted – yet. But the SMSF Association is warning trustees to be on “alert and proactive” about their funds’ security in the wake of the cyber-attacks on APRA-regulated funds.
Association CEO Peter Burgess says that these recent incidents are a “timely reminder” that no part of the superannuation sector is immune from cyber threats – including SMSFs.
He says considering the fragmented nature of the SMSF sector, it could be difficult to identify isolated incidents. “What we do know is that the cyber risks faced by SMSFs are different in nature to those which manifested themselves in these recent attacks.
“Unlike a sector-wide attack that targets the balances of many members simultaneously, an attack on SMSFs would require targeting individual bank accounts that typically represent the retirement savings of one or two members.
“Every SMSF is required to have their own bank account which means trustees can benefit from the security protocols of both the banks and their SMSF software providers and administrators.”
But he cautions that while these layered protections are reassuring, they are not infallible. Cyber criminals continue to evolve their tactics, and no industry is immune from a cyber-attack.
“To protect retirement savings, SMSF trustees must take personal responsibility for cyber-hygiene and remain vigilant. This includes changing your password regularly, enabling multi-factor authentication on all accounts and learning how to identify and avoid scams.”