Administrators of UK pension schemes have been told to better prepare for cyber risk ahead of the new single Pensions Regulator (TPR) code, after research by RSM UK found there had been a ‘significant increase’ in cyber attacks over the past year.
The study showed that more than a quarter (27%) of businesses had suffered a cyberattack in the past year, up from 20% the previous year.
RSM also pointed to previous research from Aon, which showed that only two in five occupational pension plans have a robust incident response plan in place, and only 2% have a cyber insurance policy in place.
However, RSM UK pensions manager Ian Bell has warned that pension schemes are a particularly attractive target for cybercriminals, due to the value of the funds they protect and the large amounts of sensitive member data that they hold.
“Administrators need to have a full understanding of their cyber footprint, which third parties hold their data, and what measures are in place to protect it,” he continued.
“Retired or elderly members can often fall victim to phishing attacks, as they may be less familiar with the technology and deception methods deployed by fraudsters.
“Older people are also more likely to suffer from conditions that affect their cognitive reasoning, such as dementia, making them potentially vulnerable to exploitation by cybercriminals, who seek to trick them into transferring their funds – either with promises of higher returns, or with claims that their pension fund must be moved to ‘protect’ it.”
On top of that, RSM noted that while only 24% of companies in its survey felt they were very likely to fall victim to a ransomware attack, figures from the Information Commissioner’s Office showed that these attacks have increased by 100% since the pandemic.
Bell continued: “We urge all pension plan administrators to review their cybersecurity strategy now and ensure that any areas that could be improved are addressed quickly, as the risk of ransomware attacks and other cybersecurity risks have increased in the current climate.”
He also pointed out that TPR has explained how it expects trustees to behave in relation to cyber risks, suggesting that trustees who are unsure of their responsibilities should refer to these guidelines as well as the requirements of the new single code, expected this summer.
“Pension providers should also do all they can to support older people and help them understand the risks and methods deployed by fraudsters so they can avoid being victimized,” he added.