The Pensions Regulator is to publish a guidance paper on pension scheme cyber resilience, it has confirmed.

Speaking at Pensions Age’s annual data seminar with ITM, TPR policy lead Lucy Stone highlighted that in light of increasing cyber breaches, the regulator will be producing a guidance piece on how pension schemes can be resilient against cyber-attacks.

“Pension schemes are very valuable targets to cyber criminals, personal information are valuable, marketable commodities,” Stone stated.

In order to change the way data is protected, Stone noted that the regulator “wants to change the dialogue” around administration. She emphasised that when it comes to the protection of scheme information, it is not just about administrators, but also trustees, advisers and employers need to be responsible. Schemes need to “look at the whole footprint”, Stone added.

Furthermore, it was noted that there is a need to “not just talk about cyber security but also cyber resilience” and to have effective plans in place, in order to be prepared for when “things go wrong”.

Stone detailed recent research by the regulator that looked at different types of schemes’ consideration of admin issues. The study found that 90 per cent of large DC schemes assign a focus on administration issues at board meetings, while only 14 per cent of small schemes do this. DB schemes were more likely to measure their data than DC schemes.

“Data is a corporate priority for the regulator to drive up standards of record keeping… and we are working with the administration industry to increase standards,” Stone said.

When asked for further detail as to when the guidance will be published, a TPR spokesperson said: “TPR has been working with industry to identify good practice and this will be set out in new guidance shortly.”

Looking ahead to the General Data Protection Regulation that is to come into effect on 25 May this year, Stone noted that if schemes are already complying with the Data Protection Act and have an “effective” data governance programme in place, they are “most of the way there” in terms of meeting the new requirements.

Share Story: