NEWS


Schemes still lagging peers on cyber security


By Angus Peters


Pension scheme trustees have been warned they must do more to protect members from the threat of cyber attacks


A leading cyber security expert says pension schemes are still behind the rest of the financial services sector in protecting members, despite increasing awareness and realism about the threat of online criminals.

Jim Gee, national head of the forensic services team at professional services firm Crowe UK, helped the Pensions Regulator to create guidance, released last year, on cyber security. While trustees are beginning to take action on these threats, some assume that measures they have implemented are impenetrable, according to Mr Gee.

In fact, cyber crime is becoming a fact of life for large organisations. The Department for Digital, Culture, Media and Sport’s latest survey on hacking in April found that 32 per cent of businesses had identified breaches or attacks in the past 12 months, rising to 61 per cent of large businesses. Forty-eight per cent of those who reported an attack reported at least one such attempt per month.

Cyber criminals are organised, business-minded, and willing to target any organisation. In a Crowe survey of the UK’s top 50 brands, 40 per cent were the subject of active dark web conversations about how to reach their systems, and how to monetise a resulting breach. Not a single Crowe client has been found to have no emails or passwords for sale online.

Pension scheme trustees should not count themselves as immune to this threat, according to Mr Gee. “You can see why pension schemes would be attractive to them,” he said. “It’s not just the money but it’s also the rich seams of personal data.”

Schemes typically hold details about their members, including their bank account details, names and addresses, and even information about member health in some cases. “I’d be surprised if this hadn’t happened [to a pension scheme] somewhere in the UK. We know it’s happened in the case of some pension administrators,” Mr Gee said.

[Chart: Progress needed on cyber. Proportion of pension plan respondents who rated their cyber risk controls as very good (%), DB schemes and DC schemes, 2017 and 2018. Source: Crowe UK]

He said trustee alertness to cyber threats is improving, due in part to the regulator’s increased focus on the issue. The April 2018 guidance steers trustees and administrators through a three-stage cycle, starting with assessing the risk, then putting in place controls, and finally monitoring and reporting.

Cyber security is also starting to be presented in accessible terms, according to Mr Gee. However, he added that some boards have historically seen cyber risk as a job for their sponsoring employer, and that the pensions industry still trails behind peers such as banks.

“It’s much better to admit that there’s at least a possibility, if not a probability, that you’ll be attacked,” he said of any trustees still burying their heads in the sand.

If trustees take on the scenario training recommended by experts like Mr Gee and have contingency plans in place, they can react quickly to contain any attacks.

This speed of reaction helped the £32bn Pension Protection Fund limit the impact of a breach it experienced in late 2018. Only a small percentage of members and employees were targeted, but mandatory employee training and monitoring allowed the pensions lifeboat to respond quickly, consulting experts in the field while it tackled the issue.

Simon Liste, the PPF’s chief information technology officer, said: “We take the protection of our members’ data very seriously. Cyber criminals are always developing new ways to compromise high-security infrastructure and as such we constantly review our security controls and processes to ensure we follow the very highest security standards to mitigate against data loss from these evolving cyber threats.”

A 2018 Crowe survey found that just 17 per cent of defined benefit trustees and 24 per cent of their defined contribution peers rated their cyber risk controls as “very good”.

Nonetheless, scores on these surveys were a marked improvement. One factor driving trustees’ increased alertness is the introduction of the General Data Protection Regulation last year, according to Rebecca Morgan, head of technical research at ITM.

Still, she said she had seen instances of member details being shared via unsecured platforms, and urges trustees to review both third parties’ processes and their own for passing data to these providers.

