Australian Pension Superfunds Hacks Highlight Cyber Skills Shortage

The Australian Pension Fund Cyber Attack: What happened?

Suspicious activity on superannuation fund accounts was identified over the weekend of the 29th to the 30th of March as hackers attempted to exploit stolen account credentials to hack into member accounts.

Vicky Doyle, the CEO of the default industry pension fund for retail workers, Rest Super, said it was during these two days that they “became aware of some unauthorised activity on our online Member Access portal”, which triggered an immediate shut-down of the portal and a launch into their cyber security incident response protocols. It has since reported that it suspects around 20,000 accounts experienced some unauthorised access to limited customer data.

Rest was just one of several institutions that detected suspicious login activity over these two days, with Insignia Financial identifying 100 affected accounts. Hostplus, with more than 1.8 million members, also confirmed it suffered an attack. 

In terms of financial loss, it appears that four members with accounts at AustralianSuper were affected. From these funds, a combined A$500,000 was stolen through the attack, according to The Guardian. The Association of Superannuation Funds of Australia has confirmed that the affected fund providers were able to repel the majority of the hacking attempts to minimise the financial fallout for their members, despite large number of accounts being compromised in some way.

The event has given new momentum to ongoing conversation around the cyber vulnerabilities of this sector, with the Australian Prudential Regulation Authority (APRA) and other regulators having lobbied for improved anti-fraud and cyber security measures since long before the attack.

What can Australian Business can Learn from the Superannuation Cyber Attacks?

The coordinated hack seems to have exacerbated the mounting concerns about cyber risks in Australia’s A$4 trillion superannuation industry, which faces frequent attacks despite regulatory efforts. This phenomenon is far from limited to the financial sector – cyber incidents in Australia result in an average cost of AUD $4.26 million per breach, representing a 27% increase between 2020 and 2025, according to the IBM Cost of Data Breach report 2024.

Although unsettling, these events act as useful case studies that Australian businesses can learn from and use to improve their own cyber security.

Technical set-up for "cyber preparedness"

The need for a robust technical setup may seem obvious, but the importance of sophisticated, multi-layered cyber security measures needs mentioning. This is especially true considering that attacks on Australian businesses continue to rise despite the fact that 97% of local IT leaders believe their current cyber security is sufficient, suggesting a widespread overconfidence in cyber readiness. 

Stephen Boyce, CEO and President at global cyber security consultancy The Cyber Doctor, explained, “The recent cyber incidents targeting Australian superannuation funds reveal a critical gap in how credentials are protected. Relying on basic multi-factor authentication like SMS codes is no longer sufficient. Instead, businesses should consider adaptive authentication methods that adjust to unusual activity, such as sign-ins from unfamiliar devices or locations, before granting access.”

Boyce also offered specific advice for institutions managing financial transactions, saying that “transaction-level safeguards like geofencing, behavioural analytics, and velocity thresholds can make all the difference in detecting and stopping unauthorised fund transfers before they’re finalised.”

Cyber education and training for staff

Second, organisations cannot overlook the human side of cyber security. 74% of all breaches include an element of human error or negligence, according to Verizon Business’s 2025 Data Breach Investigations Report. Investing in trained cyber professionals is critical, but so is ensuring your entire workforce is cyber-savvy.

According to Jeff Le, the Managing Principal at the 100 Mile Strategies policy consultancy and a Fellow at George Mason University's National Security Institute, cyber education for staff and cultivating a company culture of vigilance is essential.

“Beyond [technical] efforts, humans still represent the biggest vulnerability in cyber. More real-world testing and drills must be done regularly, to include phishing exercises, email tests, and other basic outreach to show that cyber is an everybody problem, not simply an IT person's problem. This includes regular board and executive training and education.”

Looking to invest in your cyber security team? Learning People offers complete cyber security training services based on the most up-to-date curriculums from Australia's most-trusted course providers. Learn more on our cyber security courses page. 

The Demand for Cyber Professionals in Australia and New Zealand

Hiring more qualified cyber professionals into your business might sound like an easy way to up your cyber defences. However, Australia is currently facing a large and growing skills shortage in the area of cyber security, which is as concerning for the economy as it is for national security. The end of the financial year in Australia and New Zealand has only driven the demand for certified cyber professionals even further.

As companies strive to stay ahead of the AI adoption curve, and the government attempts to fulfil their Cyber Security Strategy of becoming a world leader in this field by 2030, the Australian cyber security job market is seeing explosive growth in 2025. With skills like network security and encryption skills being in high demand across the country, job vacancies in this field are looking to jump up around 20% in metropolitan hub Brisbane, as one example, according to nucamp.co.

This industry growth is an exciting prospect. However, it’s also been predicted that by 2026, Australia could be short 30,000 qualified cyber security professionals with sought-after qualifications like CompTIA Security+, highlighting the significant skills gap.

The positive outlook here is that this job demand presents huge and lucrative opportunities for those looking to break the cyber industry professionally or to undergo vocational training in this area. The typically high salaries of cyber security professionals of between A$70,000 to over A$135,000, in addition to the large number of available jobs will make courses like the CompTIA Security+ highly appealing.

Interested in becoming a cyber professional? For more information on the in-demand cyber security courses such as CompTIA Security+, what they involve, and how to enrol in a training program, visit our collection of cyber security courses.

Australia’s Superannuation Fund Hack: Final Thoughts

Incidents such as these, which impact such large institutions, should act as a reminder that no business is too big to fall victim to cyber crime. With a concerning skills gap in Australia, and a rising number of attacks, it’s never been more important for businesses to invest in their cyber defence strategies by training their staff and cultivating a company culture of vigilance. For more information on the training your staff will need to be at the cutting edge of cyber security, visit our cyber security courses and training page. 

And of course, this demand for cyber professionals means there is plenty of opportunity for those considering a career in cyber security. Take a look at our guide to becoming a cyber security professional for more information on how to break into this lucrative job market.