PLSA AC 22: Less than a quarter of schemes have a cyber risk register

Less than a quarter (22 per cent) of pension schemes have a risk register documenting cyber risks in place, according to a survey conducted at the PLSA Annual Conference 2022.

Aon associate partner, Vanessa Jaeger, said she was surprised that the proportion of schemes with a cyber risk register was so low.

“Risk register is a little bit surprising, that is quite low,” she stated. “I think most schemes should have that and the auditors are requesting that these days.”

The poll also found that just over a fifth (21 per cent) of respondents had a cyber security policy in place with their scheme.

Nearly one in five (19 per cent) had a programme for reviewing third-party lenders in their scheme, while the same percentage had an incident response plan in place.

“The incidence response plan, that’s something quite a lot of you need to pay attention to if you haven’t done already because it’s something that is going to be part of the single code when that comes in,” Jaeger said.

Just over one in 10 (11 per cent) had cyber guidance for trustees/trustee hygiene policy in place, while 9 per cent had mapping of the security controls for the movement of data and assets.

Although no polling option was in place for more than a quarter of the audience, no respondent reported having none of the anti-cyber attack measures in place.

“When we’re thinking about challenges, the first challenge we tend to see is schemes don’t know where to start,” Jaeger said.

“You know we need to do something about cyber risk. It might be that you don’t understand what the risk means, or it might be that you don’t understand what you need to do to manage that risk.

“The second challenge we are seeing is around not understanding what the overall framework is and what actions you need to take.

“The third challenge we are seeing is a number of schemes have gone quite a long way through this, they’ve completed all the tasks to start with, but then they’re working out how do we turn this into business-as-usual activity.

“I think it’s important to recognise that looking at cyber risk is not a one-off project.”
