PLSA AC 22: Less than a quarter of schemes have a cyber risk register

Less than a quarter (22 per cent) of pension schemes have a risk register documenting cyber risks in place, according to a survey conducted at the PLSA Annual Conference 2022.

Aon associate partner, Vanessa Jaeger, said she was surprised that the proportion of schemes with a cyber risk register was so low.

“Risk register is a little bit surprising, that is quite low,” she stated. “I think most schemes should have that and the auditors are requesting that these days.”

The poll also found that just over a fifth (21 per cent) of respondents had a cyber security policy in place with their scheme.

Nearly one in five (19 per cent) had a programme for reviewing third party lenders in their scheme, while the same percentage had an incident response plan in place.

“The incidence response plan, that’s something quite a lot of you need to pay attention to if you haven’t done already because it’s something that is going to be part of the single code when that comes in,” Jaeger said.

Just over one in 10 (11 per cent) had cyber guidance for trustees/trustee hygiene policy in place, while 9 per cent had mapping of the security controls for the movement of data and assets.

Although none of the polling options had more than a quarter of the audience having them in place, none of the respondents had none of the anti-cyber attack measures in place.

“When we’re thinking about challenges, the first challenge we tend to see is schemes don’t know where to start,” Jaeger said.

“You know we need to do something about cyber risk. It might be that you don’t understand what the risk means, or it might be that you don’t understand what you need to do to manage that risk.

“The second challenge we are seeing is around not understanding what the overall framework is and what actions you need to take.

“The third challenge is we are seeing is a number of schemes have gone quite a long way through this, they’ve completed all the tasks to start with, but then they’re working out how do we turn this into business-as-usual activity.

“I think it’s important to recognise that looking at cyber risk is not a one-off project.”

    Share Story:

Recent Stories

Are current roads into retirement delivering member value?
Laura Blows explores HSBC Master Trust’s recent report, Converting pension pots into incomes, with HSBC Retirement Services CEO, Alison Hatcher.

Savings and finance at retirement
Laura Blows is joined by Claire Felgate, Head of Global Consultant Relations, UK, at BlackRock, to discuss savings and finance at retirement. Please click here for an edited write-up of the video

Making pension engagement enjoyable through technology
Laura Blows speaks to Nick Hall, business development director and Chartered Financial Planner at UK-based Wealth Wizards about the opportunities that technology provides for increasing people’s engagement with pensions and increasing their retirement wealth. Please click here for an edited write-up of the video

Pension portfolios – the role of asset-backed securities
Laura Blows is joined by Royal London Asset Management (RLAM) head of sterling credit research, Martin Foden, and its Senior Fund Manager, Shalin Shah to discuss the role of asset-backed securities (ABS) within pension fund portfolios
Incorporating ESG into fixed income
Laura Blows is joined by TCW head of fixed income ESG, Jamie Franco, to discuss incorporating environmental, social and governance (ESG) strategies into fixed income portfolios