Pension scheme trustees have been urged to remain mindful of cybersecurity risks, after research from RPC revealed a 4,000 per cent increase in data breach reports to the Information Commissioners Office (ICO) in the year to June 2023.
The research found that UK financial services firms reported 640 cybersecurity breaches to the ICO in the year to June 30 2023, marking a nearly threefold increase on the 187 cybersecurity breaches in the previous period.
UK pension schemes reported the biggest rise in cybersecurity breaches, according to the research, increasing from six in 2021/22 to 246 in 2022/23.
Indeed, RPC suggested that pension schemes could be a particular target for hackers, as they hold a huge amount of valuable, sensitive, financial data, and pension schemes to pay pensioners without disruption, making them potentially vulnerable to ransom demands.
Given this, RPC partner and head of cyber and tech insurance, Richard Breavington, argued that cybersecurity is "fundamental to pension scheme trustees' legal duties", warning that pension scheme trustees can be liable for failure to manage cyber risk appropriately.
The firm also pointed out that, per The Pensions Regulator's cybersecurity guidance, trustees remain accountable for the security of scheme information and assets even when day-to-day functions are outsourced.
In light of this, RPC suggested that any business looking to protect itself from the impact of a cyber-attack should invest in understanding its cyber footprint and the risks it poses and have the right policies/procedures in place.
In addition to this, it recommended that organisations consider cyber insurance to provide coverage for losses resulting from a cyber incident, as well as access to legal, technical forensic and PR support.
Breavington stated: "It’s a cause for concern that so many financial services firms, especially pension schemes, have suffered some form of cyber-attack, resulting in a data breach.
“The assumption might sometimes be that major financial services businesses have robust cyber defences so that they are impervious – that certainly hasn’t stopped hackers continuing to try.”
Cyber security issues have been a key focus for pension schemes amid growing concerns over cyber-attack risks, as providers and pensions schemes seek to protect member information and benefits.
These concerns were heightened after a number of pension schemes were impacted by the Capita cyber incident earlier this year, with evidence of “limited data exfiltration from the small proportion of affected service estate which might include some customer, supplier or colleague data”.
The Pensions Regulator also recently highlighted this incident as a reminder of the importance of being alert to cyber risk, stressing the need for all governing bodies take steps to protect members and assets against cyber risks.
However, industry experts have also argued that The Pensions Regulator should provide clearer cyber risk guidance, including examples of best practice and practical steps for trustees and scheme managers.
Recent Stories