Trustees urged to consider ‘personal cyber hygiene’ to mitigate cyber risk

Pension scheme trustees should assess their ‘personal cyber hygiene’ to mitigate the risk of cyber attacks, the Institute and Faculty of Actuaries (IFoA) has said.

In a publication on the key cyber risks faced by pension schemes, the IFoA warned that cyber risk poses a “significant threat” and has the ability to cripple administration, breach confidentiality or defraud the scheme and employer.

It noted that trustees are ultimately responsible for ensuring adequate protections and mitigations are in place and should seek for both in-house and third-party operations to adhere to basic cyber hygiene principles “at a minimum”.

In considering their personal cyber hygiene, trustees were urged to assess the strength of their passwords, ensure they have adequate virus and anti-malware protections in place, and regularly apply security updates and patches to their operating systems.

The publication, written by IFoA Operational Risk Working Party chair, Patrick Kelliher, and IFoA Cyber Risk Working Party member, Vanessa Jaeger, warned against the use of unsupported software, such as Microsoft Windows 7, which is more vulnerable to an attack.

Trustees were also called upon to assess their email security by monitoring whether they retain scheme correspondence that contains personal data and considering whether any e-signatures used could be used by a cyber criminal to commit fraud.

“Trustees should seek to undertake regular training to ensure that they stay up to date as threats and tactics evolve,” said the IFoA.

“This could be from advisers, the sponsor or using online tools such as UK National Cyber Security Centre (NCSC) guidance. Trustees could also take part in phishing exercises to assist them with staying alert to potentially harmful emails.”

Even with robust controls in place, successful cyber attacks are still possible, the IFoA warned, and suggested that trustees consider whether the third party has sufficient financial resources to deal with the costs.

This may include their cyber insurance, although the IFoA noted that insurance is unlikely to cover GDPR fines and basic cyber hygiene would still need to be maintained, even if cyber insurance is in place.

“Trustees should also have regard to exposure they have to the employer and should seek assurances as to the strength of employer cyber controls,” the authors continued.

“Employers provide such indemnities by way of the scheme rules, but, for those employers with weaker covenants, trustees may need to consider alternative protections.

“For example, trustees should also enquire about the employer’s insurance policies and whether any of these would cover the scheme as well as the employer from cyber attacks.”
