Pasa launches pensions administration cybercrime guidance

The Pensions Administration Standards Association (Pasa) has launched guidance to help pension administrators avoid and deal with cybercrime.

The cybercrime guidance, produced in partnership with Crowe, sets out four key areas for administrators to consider.

It urges pension administrators to ensure they are meeting legal and regulatory standards, including The Pensions Regulator's (TPR’s) Cyber security principles for pension schemes guidance, publishing in April 2018.

Pasa’s guidance also called on administrators to understand their organisation’s vulnerability to cybercrime, and details how cybercriminals often operate and the ways in which organisations could be vulnerable to an attack.

It noted that pension organisations can be attractive to cyber criminals due to the amount of detailed personal and financial data they have, and cyber-attacks can be particularly damaging as pensions are often a trusted public office, their data can be used against other organisations or individuals, and there is a public expectation that pension companies are secure.

Ensuring their organisation is resilient to cybercrime was the third key area outlined in the guidance and a list of risk mitigation techniques was detailed for administrators, including regularly mapping and documenting data.

Finally, it urged administrators to consider whether they would remain able to fulfil key functions in the event of a cyber-attack and assess the arrangements they have in place if one does occur.

“Pandemic or no pandemic, administrators have a crucial role to play in paying out pensions consistently and accurately,” commented Pasa Cybercrime and Fraud Working Group chair, Jim Gee. "They have access to ‘rich’ personal and financial data and are therefore highly vulnerable to ransomware attacks.

“With thousands of administrators suddenly and unexpectedly thrown into working from home situations, and data being accessed by many people from many different locations, this has had a significant impact on what was already a very problematic issue.

“We have developed the guidance to support and guide administrators in continuing to protect themselves as much as possible. The fact of the matter is, many will be a victim of these attacks, even with the most stringent of procedures in place. The important thing will be how administrators minimise this risk and how they cope when it happens.”

    Share Story:

Recent Stories

Are current roads into retirement delivering member value?
Laura Blows explores HSBC Master Trust’s recent report, Converting pension pots into incomes, with HSBC Retirement Services CEO, Alison Hatcher.

Savings and finance at retirement
Laura Blows is joined by Claire Felgate, Head of Global Consultant Relations, UK, at BlackRock, to discuss savings and finance at retirement. Please click here for an edited write-up of the video

Making pension engagement enjoyable through technology
Laura Blows speaks to Nick Hall, business development director and Chartered Financial Planner at UK-based Wealth Wizards about the opportunities that technology provides for increasing people’s engagement with pensions and increasing their retirement wealth. Please click here for an edited write-up of the video

Pension portfolios – the role of asset-backed securities
Laura Blows is joined by Royal London Asset Management (RLAM) head of sterling credit research, Martin Foden, and its Senior Fund Manager, Shalin Shah to discuss the role of asset-backed securities (ABS) within pension fund portfolios
Incorporating ESG into fixed income
Laura Blows is joined by TCW head of fixed income ESG, Jamie Franco, to discuss incorporating environmental, social and governance (ESG) strategies into fixed income portfolios