The Pensions Regulator warns on cyber attacks
The Pensions Regulator has called on trustees to help battle cyber-crooks by reporting significant cyber-related incidents as part of updated guidance to tackle the ongoing threat posed by cyber criminals.
It warned that pension schemes were at risk of being targeted by cyber attackers because of the large amounts of personal data and assets they hold.
The Regulator told trustees: “As trustees and scheme managers, you need to take steps to protect your members and assets accordingly, which includes protecting them against ‘cyber risk’.”
TPR said its latest guidance, published on Monday, is designed to help trustees and scheme managers meet their duties to assess the risk, ensure controls are in place, and respond to incidents. The guidance will also be useful to scheme suppliers and advisers, the regulator said.
For the first time, it has asked trustees and scheme providers to report significant cyber incidents, so it can build a better picture of the cyber risk facing the industry and its members.
Louise Davey, interim director of regulatory policy, analysis and advice at TPR, said: “Cyber risk is complex, evolving and requires a dynamic response. It’s a very real threat as we have seen from events this year.
“We want industry to work openly and collaboratively together, and with us, to address the challenges of cyber threats and have a clear plan for when things go wrong. Doing so will make us all more resilient to attacks. As part of this, we want to hear about cyber-related incidents so our understanding of issues improves in real time.”
TPR is asking schemes, their advisers and providers to report significant cyber incidents to it on a voluntary basis, in an open and cooperative way, as soon as reasonably practicable.
It said a significant cyber incident is likely to result in:
- a significant loss of member data
- major disruption to member services
- a negative impact on a number of other pension schemes or pension service providers