Over half of respondents (53 per cent) to a survey of pension professionals said that cyber and data security was the area their Own Risk Assessment (ORA) found to be most in need of improvement.

The poll was conducted during a recent Society of Pension Professionals (SPP) webinar on ORAs, held as schemes with 100 members or more, and a 31 March year-end, faced a 31 March 2026 deadline for submitting their first ORA.

Following cyber and data security, 8 per cent of respondents said their ORA had flagged administration and operational controls as most in need of strengthening, followed by 6 per cent who voted for their risk management framework.

Furthermore, the poll found that over half (53 per cent) of pension professionals said the ORA was of ‘moderate value’ and a further 10 per cent reported it was ‘very valuable’.

The ORA was introduced under The Pensions Regulator's General Code of Practice and measures how well a scheme’s governance framework is working in practice.

SPP member and Independent Governance Group associate director, Jake Churchill, commented: “With many pension schemes now having completed their first ORA, it is positive to hear that most schemes found the process valuable and are utilising the results to identify the ways that they need to make their governance more effective.

"In particular, ORAs should be proportionate, iterative and lead to positive actions.”

Responding to findings that SPP members said ORAs have so far identified cyber and data security as the main areas for improvement, he said: “With technologies such as AI posing new challenges for scheme governance, we must continue to share best practice across the pensions industry.”

---