Super Funds Push for Coordinated Cyber Threat Response via Shared Intelligence Platform

Association of Superannuation Funds of Australia (ASFA) has applied to the Australian Competition and Consumer Commission (ACCC) for authorisation to establish a sector-wide cyber threat intelligence sharing platform, following a wave of coordinated cyberattacks targeting superannuation funds in 2025.

The proposed platform, titled Superannuation Cyber and Financial Crime Exchange (SuperFCX), would enable member funds to share critical threat intelligence, including attack trends, tactics and techniques, compromised controls, active threat actors, and technical indicators such as blocked threats and live incidents.

ASFA is seeking a five-year authorisation to operate the platform, emphasizing that strict safeguards will be in place to prevent the sharing of commercially sensitive information. Data related to pricing, sales, profit margins, and investment strategies will be explicitly excluded to ensure compliance with competition laws.

The initiative forms part of a broader coordination framework known as Superannuation Cyber and Financial Crime Coordination (SC3), which also includes a sector-wide incident response playbook, joint simulation exercises, and specialist working groups aimed at strengthening collective resilience.

The push for greater collaboration follows a major credential-stuffing campaign in early 2025 that impacted leading funds, including AustralianSuper, REST, Hostplus, Insignia Financial, and Australian Retirement Trust. The attacks resulted in approximately $750,000 in losses from a small number of accounts and exposed gaps in communication across the sector.

According to ASFA CEO Mary Delahunty, the absence of a trusted communication channel during the incident led to fragmented responses and heightened public concern. “Information was delivered inconsistently, sometimes via media reports, which amplified anxiety rather than providing reassurance,” she noted.

The Australian superannuation sector manages approximately $4.5 trillion in assets on behalf of 18 million members, making it a high-value target for cybercriminals. ASFA’s proposal aims to address structural weaknesses in coordination and improve real-time information sharing during incidents.

The initiative also reflects growing concern about emerging threats, including the potential misuse of advanced AI systems in cybercrime. Delahunty pointed to warnings from Anthropic regarding risks associated with powerful AI models, reinforcing the urgency for proactive defence strategies.

If approved, SuperFCX would mirror existing collaboration models such as the Australian Financial Crimes Exchange, which enables real-time threat intelligence sharing across major banks.

Submissions on ASFA’s application are open until April 27, with the ACCC expected to assess whether the proposed framework delivers public benefits without undermining market competition.