subscribe to our newsletter sign up

Cyber security has ‘never been more important’ for super

Cyber security

The ATO has said it’s never been more crucial to have strong cyber security processes for superannuation, noting that industry co-operation is needed to achieve this goal.

Speaking on the Australian Taxation Office’s (ATO) newly launched Tax inVoice podcast, deputy commissioner of superannuation James O’Halloran said data accuracy, member protection and cyber security are all issues that the industry and, as such, the ATO is grappling with.

He was speaking to senior partner at Mercer, and co-chair of the ATO’s superannuation industry stewardship group, Dr David Knox.

“I think as the ATO and particularly in the last couple of years since SuperStream, the truth is that we are part of industry as much as industry is part of us,” Mr O’Halloran said, noting the prevalence of big, and important, data sets.


“It’s data that's important to people.

“[And that] clearly raises the issue for all of us together around cyber security, member protection as well as obviously data accuracy.”

Responding to a question from Dr Knox around the ATO’s operational framework, Mr O’Halloran said the framework is one part of the ATO’s strategy to manage risk for members and funds so that secure exchanges of information can occur.

He said, “A small point perhaps … is obviously software and … the use of APIs is continued to be mainstream business in many ways.

“So we need to make sure and work with the industry that our systems are secure.

“Certainly cyber security has never been more important to make sure it's up to date, particularly with things around information in the cloud as well as some of the way superannuation funds operate.”

Mr O’Halloran said it’s in everyone’s interests to have “a common security”, as well as to hit the best balance of access and security.

Both Dr Knox and Mr O’Halloran agreed that the importance of security is not going to decrease in the future, and in fact will grow.

The ATO’s cyber security standards received media attention last year, with an audit calling on it to boost its defences. This guidance followed an audit that found the ATO had “insufficient protection against cyber security attacks from external sources”.

"To progress to being cyber resilient, the Australian Taxation Office and the Department of Immigration and Border Protection (DIBP) need to improve their governance arrangements and prioritise cyber security," the audit said.

Arguing that it was especially critical that the ATO improved its standards due to its access to Australians’ private and sensitive data, the audit said there could be “potentially significant consequences for Australian citizens” if improvements did not occur.

The ATO has a Cyber Security Stakeholder Group that is scheduled to meet four times a year and provides key message updates on its meetings. The last update was provided in October 2017 and said the ATO was focusing on telephone scams, the global scam environment and ATO impersonation scams.

It also noted that the stakeholder group was the evolution of a working group.

“Our ongoing need to respond to cyber threats and the changing legislative environment made the transition necessary,” the group said.

Cyber security has ‘never been more important’ for super
Cyber security
nestegg logo
subscribe to our newsletter sign up
Recommended by Spike Native Network
Neil - I retired about a year ago and now I've got less income than I planned for. Can I sue my financial planner?....
Joe - Agree with Terry Dwyer. The really nasty part is the way it will hit self funded retirees (through their SMSF in many cases) who have direct shares.......
John - Not sure loss of 30% of income is something I just let go. Options I will be doing is investing overseas, local and international REITs and seeing if.......
Dr Terry Dwyer, Dwye... - I am amazed by these comments. The effects will be subtle but pervasive. It will have a huge effect on superannuitants in pension mode as with low.......