Pension trustees urged to prepare for cyber risks ahead of TPR code

UK pension scheme trustees have been urged to better prepare for cyber risk ahead of The Pensions Regulator’s (TPR) new singular code, after research from RSM UK revealed that there had been a “significant increase” in cyber-attacks over the past year.

The research showed that over a quarter (27 per cent) of businesses had experienced a cyber attack in the past year, up from 20 per cent the previous year.

RSM also flagged previous research from Aon, which showed that only two in five occupational pension schemes have a robust incident response plan in place, and only 2 per cent have a cyber insurance policy in place.

However, RSM UK head of pensions, Ian Bell, warned that pensions schemes are a particularly attractive target for cybercriminals, due to the value of funds they protect and the large amounts of sensitive member data they hold.

“Trustees need to have a full understanding of their cyber footprint, which third parties hold their data and what measures are in place to protect it,” he continued.

“Pensioners or elderly members can often fall victim to phishing attacks, as they may be less familiar with technology and the methods of deception deployed by fraudsters.

“Older people are also more likely to suffer from illnesses that impact their cognitive reasoning, such as dementia, making them potentially vulnerable to exploitation by cyber criminals, who seek to deceive them into transferring their funds - either with promises of higher returns, or claims that their pension fund needs to be moved to ‘protect’ it.”

In addition to this, RSM noted that whilst just 24 per cent of businesses in its survey felt that they were very likely to fall victim to a ransomware attack, figures from the Information Commissioner’s Office showed that such attacks have gone up 100 per cent since the pandemic.

Bell continued: “We’d urge all pensions scheme trustees to review their cyber security strategy now and ensure any areas that could be improved are addressed promptly, as the risk of ransomware attacks and other cyber security risks has increased in the current climate."

He also pointed out that TPR has outlined how how it expects trustees to behave in relation to cyber risks, suggesting that trustees who are unsure of their responsibilities should refer to this guidance and also the requirements of the new singular code, due this summer.

“Pensions providers should also do all they can to support older people and help them understand the risks and methods deployed by fraudsters so they can avoid falling victim," he added.

    Share Story:

Recent Stories


Closing the gender pension gap
Laura Blows discusses the gender pension gap with Scottish Widows head of workplace strategic relationships, Jill Henderson, in our latest Pensions Age video interview

Endgames and LDI: Lessons to be learnt
At the PLSA Annual Conference, Laura Blows spoke to State Street Global Advisors EMEA head of LDI, Jeremy Rideau, about DB endgames and LDI in the wake of the gilts crisis of two years ago

Keeping on track
In the latest Pensions Age podcast, Sophie Smith talks to Pensions Dashboards Programme (PDP) principal, Chris Curry, about the latest pensions dashboards developments, and the work still needed to stay on track
Building investments in a DC world
In the latest Pensions Age podcast, Sophie Smith talks to USS Investment Management’s head of investment product management, Naomi Clark, about the USS’ DC investments and its journey into private markets

Advertisement