Superannuation sector unites for major cyber security drill

The Gateway Network Governance Body has coordinated an industry-wide cyber security incident response exercise for the superannuation sector, named Operation Honey Bee II.

The exercise gathered participants from a broad range of organisations across the superannuation ecosystem to address sector risk as cyber threats become increasingly complex and coordinated.

As described by the Gateway Network Governance Body (GNGB), the session was conceived to foster collective preparedness and enhance response capability through practical simulation. GNGB Chief Executive Officer and Exercise Director, Michelle Bower, said the exercise's name reflected the importance of united action in the face of cyber risk.

"We are pleased to be able to provide these opportunities for all types of organisations across the superannuation ecosystem to come together to explore real-world response strategies in a safe, collaborative setting and exercise our collective response capability."

Operation Honey Bee II follows the success of two earlier sector-wide exercises and attracted attendance from superannuation funds, administrators, service providers, regulators, and government bodies. All groups worked together to test how the system would manage a sizeable cyber security attack, exploring both procedures and lines of communication.

Highlighting the scale under discussion, Australia's superannuation system manages the retirement savings of millions and oversees assets valued at AUD $4.1 trillion. The central aim of the exercise was to identify useful strengths, reveal potential weaknesses and evaluate compliance measures when facing a credible threat event.

Mary Delahunty, Chief Executive Officer of ASFA, commented on the need for vigilance and preparedness across all organisations connected to superannuation.

"The initiative is designed to strengthen collective cyber resilience, test coordination capabilities and reinforce preparedness for increasingly complex and sophisticated cyber threats."

Chief Executive Officer of the Financial Services Council, Blake Briggs, also emphasised the benefit of coordinated training and risk analysis.

"It is critical that we take these opportunities to train as a sector and ensure we have the strongest possible processes in place to respond to evolving cyber threats."

Michelle Bower described Australia's superannuation sector as highly interconnected and underscored the potential for vulnerabilities to quickly transmit through the ecosystem.

"Australia's superannuation system is the envy of the world and a critical part of the financial services sector, responsible for managing the retirement savings of millions of Australians. With the increasing frequency and sophistication of cyber threats, the ecosystem faces growing risks that have the potential to impact not just individual organisations, but the broader financial system and public trust. The highly interconnected nature of the superannuation ecosystem could result in a cyber incident affecting one entity, quickly ripple across the network."

"In addition to this, threat actor behaviour is evolving into coordinated and simultaneous attacks across multiple organisations within a sector. Testing cyber resilience together allows organisations to understand dependencies, coordination points and how to collaborate to mitigate the risk to the superannuation system and its members. In 2025, we witnessed a cyberattack targeting the Superannuation ecosystem, highlighting the significant impact even a relatively small incident can have. Super Funds and their service providers demonstrated mature capability when responding to these attacks, as individual organisations."

"However, as an industry, it was acknowledged that better communications between entities within the ecosystem, could have contributed to an ever better outcome. These events unfold rapidly and can lead to a high pressure environment , but with well-developed plans and regular collective response exercises, stakeholders across the ecosystem can be better prepared to respond, defend, and recover as one."

The exercise made use of scenario-based discussion, with participants working through an evolving set of circumstances intended to mirror a plausible large-scale attack impacting the industry. According to GNGB, the format provided opportunity for structured analysis and open communication as the scenario increased in complexity.

Bower outlined the approach taken for the exercise:

"The exercise will be conducted as a discussion based activity. Participants will engage with a dynamic scenario, explore key issues in depth, and respond verbally to a series of evolving situations. To support structured discussion and critical analysis, the scenario will unfold through a sequence of increasingly complex injections."

The goals established for Operation Honey Bee II included evaluating the ecosystem's collective incident response plans, identifying capabilities and limitations, and testing mechanisms for rapid information sharing between organisations. The intention was to use these insights to drive improvements and maintain public trust in a sector with significant importance to the national economy.

With the support of the GNGB Board and various prominent groups within the sector, Operation Honey Bee II was positioned as a necessary exercise in readying the industry for the ongoing challenges posed by the global cyber threat landscape.