Pasa launches pensions administration cybercrime guidance

The Pensions Administration Standards Association (Pasa) has launched guidance to help pension administrators avoid and deal with cybercrime.

The cybercrime guidance, produced in partnership with Crowe, sets out four key areas for administrators to consider.

It urges pension administrators to ensure they are meeting legal and regulatory standards, including The Pensions Regulator's (TPR’s) Cyber security principles for pension schemes guidance, publishing in April 2018.

Pasa’s guidance also called on administrators to understand their organisation’s vulnerability to cybercrime, and details how cybercriminals often operate and the ways in which organisations could be vulnerable to an attack.

It noted that pension organisations can be attractive to cyber criminals due to the amount of detailed personal and financial data they have, and cyber-attacks can be particularly damaging as pensions are often a trusted public office, their data can be used against other organisations or individuals, and there is a public expectation that pension companies are secure.

Ensuring their organisation is resilient to cybercrime was the third key area outlined in the guidance and a list of risk mitigation techniques was detailed for administrators, including regularly mapping and documenting data.

Finally, it urged administrators to consider whether they would remain able to fulfil key functions in the event of a cyber-attack and assess the arrangements they have in place if one does occur.

“Pandemic or no pandemic, administrators have a crucial role to play in paying out pensions consistently and accurately,” commented Pasa Cybercrime and Fraud Working Group chair, Jim Gee. "They have access to ‘rich’ personal and financial data and are therefore highly vulnerable to ransomware attacks.

“With thousands of administrators suddenly and unexpectedly thrown into working from home situations, and data being accessed by many people from many different locations, this has had a significant impact on what was already a very problematic issue.

“We have developed the guidance to support and guide administrators in continuing to protect themselves as much as possible. The fact of the matter is, many will be a victim of these attacks, even with the most stringent of procedures in place. The important thing will be how administrators minimise this risk and how they cope when it happens.”

    Share Story:

Recent Stories


Making pension engagement enjoyable through technology
Laura Blows speaks to Nick Hall, business development director and Chartered Financial Planner at UK-based Wealth Wizards about the opportunities that technology provides for increasing people’s engagement with pensions and increasing their retirement wealth. Please click here for an edited write-up of the video

ESG & DC – creating the right tools
In the latest of our series of Pensions Age video interviews Francesca Fabrizi, Editor in Chief of Pensions Age is joined by Manuela Sperandeo, Head of Sustainable Indexing EMEA, BlackRock and Mark Guirey, Executive Director, Asset Owner and Consultant Coverage - MSCI to discuss some key trends of ESG investing among UK pension funds today. Please click here for an edited write-up of the video

Savings and finance at retirement
Laura Blows is joined by Claire Felgate, Head of Global Consultant Relations, UK, at BlackRock, to discuss savings and finance at retirement. Please click here for an edited write-up of the video

Global sustainable credit
Laura Blows speaks to Royal London Asset Management senior fund manager, Rachid Semaoune, about global sustainable credit
Global equities and transition investing
Pensions Age editor, Laura Blows speaks to Royal London Asset Management equity investment director, Jonathan Price, about transitioning to sustainable investments within global equities

Advertisement Advertisement