NGS Super rapped by APRA over cyber deficiencies

11 December 2023
| By Laura Dew |
expand image

APRA has imposed additional licence restrictions on NGS Super, which suffered a cyber attack earlier this year.

Significant deficiencies have been identified in the fund’s cyber controls, APRA said, which has 114,000 members and $14 billion in assets under management.

The fund suffered a cyber attack in March wherein a cyber attacker gained access to some of its systems for a short period of time. The super fund assured members the incident had not impacted their super savings or the funds’ assets, which remained secure on a separate platform. 

The restrictions, which will apply from 11 December, follow an internal report by NGS and an independent tripartite review undertaken at APRA’s request.

The reviews identified deficiencies in NGS’ compliance with Prudential Standard CPS 234 – Information Security, while the cyber incident involved a significant amount of data being lost and NGS’ systems being compromised for a period. 

APRA acknowledged that NGS has taken steps since the attack to address the review’s recommendations – the additional licence conditions will require NGS to engage with an independent third party to provide assurance regarding NGS’ remediation activities and to address the recommendations contained in the internal audit and tripartite review reports and conduct an operational effectiveness review of the CPS 234 controls and frameworks in place for NGS.  

NGS is required to provide APRA with an attestation from its chair that the actions are complete and effective and are compliant with CPS 234.

A statement from NGS Super said: "NGS Super is working with APRA to meet the additional requirements they have requested of the fund, primarily in relation to compliance with CPS 234. We’ve reviewed our processes and acted to further strengthen the protection of our members’ data and retirement savings. We’ve had multifactor authentication for a very long time and have now implemented enhanced cyber controls across the fund and we’ll continue to do so to minimize risk and maximize protection of our information security. 

"We remain confident of the actions we’ve taken and continue to do following a thorough review of our cyber security. We’re also committed to working with APRA and an independent party to identify and implement additional actions. Ultimately, this will lead to further assurance and protection for our members.

"We use administrative, physical, and technical safeguards to protect the confidentiality and integrity of personal information and data and are committed to protecting our members' personal information."

In May, APRA wrote to its regulated entities to reinforce the importance of multifactor authentication to protect sensitive data from cyber attacks.

In an open letter, Alison Bliss, general manager for operational resilience, cross-industry division, told APRA-regulated entities that it was a “material security control weakness” if firms failed to comply.

“Multifactor authentication (MFA) is one of the most effective controls an organisation can implement to prevent an adversary from gaining access to a device or network and accessing sensitive information.”


Read more about:


Add new comment

The content of this field is kept private and will not be shown publicly.

Recommended for you


Stay up to date with Australia’s top news and information source for the wealth management industry


sub-bg sidebar subscription

Never miss the latest news and developments in wealth management industry

Chris Cornish

"Past performance is no guarantee of future results" is something ASIC are always keen to say. Yet when it comes to th...

9 hours ago
Stewart Gibson

Wow, distrust in the Government. Who would have thought that people would distrust that merry band of incompetents that ...

1 day 11 hours ago
One foot out the door

“The advice satisfaction has moved up, and that’s about rebuilding trust, delivering on what we say we will do and not m...

6 days 14 hours ago

AustralianSuper and Australian Retirement Trust have posted the financial results for the 2022–23 financial year for their combined 5.3 million members....

7 months 2 weeks ago

A $34 billion fund has come out on top with a 13.3 per cent return in the last 12 months, beating out mega funds like Australian Retirement Trust and Aware Super. ...

7 months ago

The verdict in the class action case against AMP Financial Planning has been delivered in the Federal Court by Justice Moshinsky....

7 months 2 weeks ago