The global ransomware attack that paralysed the NHS on Friday has been described as a “wake-up call” to pension schemes.
Known as WannaCrypt or WannaCry, the ransomware hit several NHS health trusts on Friday, and has been described by Europol as the “largest ransomware attack observed in history”. A statement from the National Cyber Security Centre (NCSC) said the attack has affected thousands of private and public sector organisations across dozens of countries.
The NCSC has warned that, because of the way the attack works, compromises of machines and networks that have already occurred may not have been detected yet. Existing infections from the malware can spread within networks, so there may be more infections as the new working week begins.
Commenting on the attack, Gowling WLG director Suzanne Mortimer said: “Last week's worldwide cyber security attack should be a wake-up call for pension schemes. Only last week I spoke at our client update seminar about the risks trustees faced. Quite simply, as the events of Friday demonstrate, there is not a moment to lose in tackling the issue.
“The Pensions Regulator has flagged the risks a number of times, most recently in its Corporate Plan 2017-2020. On any day, trustees will be exposed to some kind of cyber security risk whether as individuals, via the members or through one of the scheme's service providers.”
Mortimer advised trustees to identify risks, take steps to address the risks, actively monitor risks and be prepared to react appropriately to an attack.
“Cyber-crime impacts trustees and pension scheme members and it should be a key item on trustees' risk register. The best way to tackle the threat of a cyber-attack will be to work together with the other stakeholders. Pension schemes must make sure they are not the next victim.”
The NCSC has guidance on how to protect your organisation.