First State Super adopts UpGuard for Third Party Vendor Risk Management

Security ratings and automated third-party risk assessment help to scale their vendor risk management program.



Reduction in time to assess vendor security performance


Vendors assessed through the UpGuard platform


Digital assets continuously monitored

First State Super empowers their customers to build a better future with retirement solutions and financial advice. UpGuard helps de-risk their exposure to suppliers and enables them to be proactive in managing third-party vendor risk.

Helping over 750,000 Australians

First State Super was established in 1992 and today, is one of Australia’s largest superannuation funds with more than 750,000 members. The majority of its members are employed in the public sector, education, health and community services, police and emergency services. They are a ‘profit to members’, public offer fund.

In June 2016, First State Super acquired 100% of StatePlus – an acquisition that created the largest member-owned financial advice network in Australia with over 25 locations and over 200 financial advisors.

Following the Stateplus acquisition, First State Super are the custodians of an asset pool of over $90bn, combining superannuation and retirement savings.

Headquartered in Sydney, Australia with offices throughout New South Wales, the Australian Capital Territory, Victoria and Western Australia, First State Super have a team of more than 460 employees servicing the needs of its members. StatePlus employs a further 410 employees.

First State Super’s underlying philosophy is ‘members first’ and its mission is ‘to build a better future for all Australians’.

First State Super is a superannuation fund that helps over 750,000 Australians save for their retirement.
Increase their third-party vendor security performance from an external perspective, and get greater efficiency from their vendor security questionnaires.
UpGuard CyberRisk for Vendor Risk Management and Security Ratings
Financial services
Sydney, Australia

The Challenge

With today’s increasing exposure to third-party risks, and the upcoming release of Australian financial services regulator APRA’s CPS 234 “Information Security” standard, First State Super wanted to understand how their third-party vendor security was performing from an external perspective. Additionally, First State Super recognised the limitations of traditional, spreadsheet-based vendor security questionnaires, which often result in fewer vendors being monitored due to cumbersome workflows and manual process inefficiencies.

The Solution

First State Super chose UpGuard to get visibility into the risks of their own systems, as well as those of their vendors and partners. First State Super turned to UpGuard CyberRisk for continuous risk monitoring, security ratings, and automated vendor questionnaires. UpGuard’s risk monitoring capabilities provide assurance that First State Super’s own internet-facing properties were securely configured and gave them the technical information to guide their vendors toward reducing risk to an acceptable level. Vendor security ratings enabled the team to prioritize the assessment of third parties based on risk and the questionnaire assessments closed the loop with detailed responses on internal controls needed to safely do business.

“Upguard has helped us de-risk our organisation, with solutions that are both reliable and accurate in producing fact-based information about our key suppliers, that we can proactively act on in order to help keep our platforms secure and stable.”

Group Head Of Technology

The Results

42% reduction in time to assess vendor security performance

By comparing spreadsheet-based processes to CyberRisk’s workflow, our research has shown that a benefit of automating security questionnaires is a 42% reduction in time to assess each vendor through automated workflows and reduced friction from the vendor side. In the case of First State Super, they have been able to assess and monitor up to 14 more third-party vendors than otherwise would be possible, without increasing headcount.

First State Super has improved their UpGuard Cyber Security Rating by nearly 30 points in less than a year.

UpGuard CyberRisk provides external intelligence on security performance and enables comparisons with industry peers. This gives First State Super the ability to see which security risks are affecting their overall security performance with ongoing comparison against their industry average.

56 vendors assessed, 38 security questionnaires issued and 40 digital assets monitored.

First State Super uses UpGuard CyberRisk to monitor and assess 56 third-party vendors, and has issued them 38 security questionnaires. First State Super is also using CyberRisk to monitor 40 of their own digital assets.

After over a year of working together with UpGuard, First State Super’s executive IT leadership were satisfied with the progress made and are continuing the partnership with UpGuard.

Set up a free demo account today

Book a free demo

See UpGuard In Action

Book a call with one of our specialists and we'll arrange a time for a demo.