Guest comment: Being cyber prepared

Cybersecurity and the protection of member data has shot right to the top of trustee risk registers.

Many trustees will have had detailed training leading up to the introduction of GDPR in May 2018 and will have been through a wholesale review of their contracts, policies and procedures.

There is a risk that some of the training may be a little rusty. In particular, I find myself pushing trustees to re-run their response training so they are on the front foot when a breach occurs. And unfortunately, it is ‘when’, not ‘if’.

Attacks always seem to happen on a Friday evening; there is never enough information, and it is stressful.

A simple plan helps navigate first interactions, gives structure to the discussions and increases the chances of making good decisions over whether ICO notification is needed within the 72-hour deadline.

This includes confirming facts such as who is impacted, implementing the response plan, establishing who needs to know what and determining remediation.

The plan should also make sure that the increased focus on member data doesn’t obscure other priorities such as running payroll, member transactions and good governance.

Any real-life threat along these lines will be difficult to deal with, but training and a robust response plan will give structure and help to alleviate stress.
