Pension trustees urged to prepare for cyber risks ahead of TPR code

UK pension scheme trustees have been urged to better prepare for cyber risk ahead of The Pensions Regulator’s (TPR) new singular code, after research from RSM UK revealed that there had been a “significant increase” in cyber-attacks over the past year.

The research showed that over a quarter (27 per cent) of businesses had experienced a cyber attack in the past year, up from 20 per cent the previous year.

RSM also flagged previous research from Aon, which showed that only two in five occupational pension schemes have a robust incident response plan in place, and only 2 per cent have a cyber insurance policy in place.

However, RSM UK head of pensions, Ian Bell, warned that pensions schemes are a particularly attractive target for cybercriminals, due to the value of funds they protect and the large amounts of sensitive member data they hold.

“Trustees need to have a full understanding of their cyber footprint, which third parties hold their data and what measures are in place to protect it,” he continued.

“Pensioners or elderly members can often fall victim to phishing attacks, as they may be less familiar with technology and the methods of deception deployed by fraudsters.

“Older people are also more likely to suffer from illnesses that impact their cognitive reasoning, such as dementia, making them potentially vulnerable to exploitation by cyber criminals, who seek to deceive them into transferring their funds - either with promises of higher returns, or claims that their pension fund needs to be moved to ‘protect’ it.”

In addition to this, RSM noted that whilst just 24 per cent of businesses in its survey felt that they were very likely to fall victim to a ransomware attack, figures from the Information Commissioner’s Office showed that such attacks have gone up 100 per cent since the pandemic.

Bell continued: “We’d urge all pensions scheme trustees to review their cyber security strategy now and ensure any areas that could be improved are addressed promptly, as the risk of ransomware attacks and other cyber security risks has increased in the current climate."

He also pointed out that TPR has outlined how how it expects trustees to behave in relation to cyber risks, suggesting that trustees who are unsure of their responsibilities should refer to this guidance and also the requirements of the new singular code, due this summer.

“Pensions providers should also do all they can to support older people and help them understand the risks and methods deployed by fraudsters so they can avoid falling victim," he added.

    Share Story:

Recent Stories

Pensions Age podcast: buy-outs and buy-ins for member and employer nominated trustees
Pitfalls and good practice when approaching insurers with Pensions Age editor, Laura Blows, Martin Parker (Just Group) and Akash Rooprai (ITS)
Climate change and board diversity
Pensions Age editor, Laura Blows, speaks to State Street Global Advisors global head of asset stewardship strategy, Robert Walker, about the company’s stewardship priorities for the year.