The cyber security breach experienced by Capita is a reminder of the importance of being alert to cyber risk.
Pension schemes and their service providers hold enormous amounts of personal data and assets, which can make them a target for criminals.
Our research shows that, while attention to cyber security could be greater in some schemes, many are giving the risk the serious consideration it deserves.
However, it is critical all governing bodies take steps to protect members and assets against cyber risks, including making sure they, and their suppliers, have the right controls in place.
Ultimately, governing bodies are responsible for the security of their members’ data. So, regardless of the size or structure of their scheme, it is vital to stay alert to the ever-evolving risk of cyber-attack.
Our upcoming General Code will introduce the expectation that governing bodies have an effective system of governance in place to minimise potential security risks.
These risks are complex and change over time so governing bodies should regularly test and review their controls, processes and response plans.
Preparation is key, and our guidance on cyber security principles for pension schemes can help. It sets out good practice, which can be adopted proportionately to the profile of a particular scheme.
The guidance also includes information on organisations and resources useful for trustees and scheme managers when considering cyber security.
Guidance on cyber security and cyber risk for pension schemes is also available from other organisations including the Pensions and Lifetime Savings Association and the Pensions Administration Standards Association.