Pension scheme trustees need to prepare for rising cyber-crime according to new industry warnings.
Recent research by RSM UK shows that despite a significant increase in the number of these attacks, the number of businesses that think they are likely to be hit has fallen.
Its research showed that 27 per cent of business experienced a cyber-attack in the past year, up from just one in five (20 per cent) the year before. However over this same period the number of business that felt they were ‘very likely’ to fall victim to a ransomware attack had fallen significantly — from 34 per cent in 2021 to just 24 per cent this year.
Research by Aon last year suggests pension scheme in particular need to do more to protect schemes. It found that only two in five occupational schemes have a robust incident response plan in place. More worryingly, over 60 per cent of schemes have not assessed the potential financial impact of a cyber-attack, and only 2 per cent have a cyber insurance policy in place.
RSM UK head of pensions Ian Bell says: ‘Pensions schemes are a particularly attractive target for cybercriminals, due to the value of funds they protect and the large amounts of sensitive member data they hold.
“Trustees need to have a full understanding of their cyber footprint, which third parties hold their data and what measures are in place to protect it. Pensioners or elderly members can often fall victim to phishing attacks, as they may be less familiar with technology and the methods of deception deployed by fraudsters. Older people are also more likely to suffer from illnesses that impact their cognitive reasoning, such as dementia, making them potentially vulnerable to exploitation by cyber criminals.”
He adds: “Pension schemes trustees should also be aware of the increased risk of ransomware attacks. These attacks, where hackers either steal or encrypt data, then hold a business to ransom for it, have escalated 100 per cent since the pandemic, according to the Information Commissioner’s Office (ICO). They are expected to rise further in future, partly due to changing external events such as inflation increases, volatile financial markets and the current Russia-Ukraine situation.”
In light of this Bell is urging all trustees to review their cyber security strategy and ensure any areas that could be improved are addressed promptly, as the risk of ransomware attacks and other cyber security risks has increased in the current climate.
He points out that The Pensions Regulator outlines how it expects trustees to behave in relation to cyber risks, so trustees who are unsure of their responsibilities should refer to this guidance and also the requirements of the new singular code, due this summer.
He also called for pensions providers to do what they can to support older people and help them understand the risks and methods deployed by fraudsters so they can avoid falling victim.