This comes after the regulator published updated cyber security guidance yesterday (11 December), setting out how trustees and scheme managers can meet their duties to assess risk, ensure controls are in place and respond to incidents.
The regulator also, for the first time, called on trustees to report significant cyber-related incidents to tackle the “ongoing threat” posed by cyber criminals.
RSM urged the regulator to do more to ensure trustees and scheme managers are pointed towards evolving best practice and practical steps.
Cyber risk partner Stuart Leach said TPR’s guidance is “essential, especially as in the year to June 2023, there was a 4,000% increase in pension scheme cybersecurity breaches”.
He said the guidance “highlights the importance of TPR continuing to collaborate with industry and other relevant bodies, to ensure guidance continues to evolve and the bar for minimum standards is raised on cyber controls and risk management”.
Leach added: “The guidance also anticipates the long-awaited general code, which is useful in giving trustees a broad steer on what is expected of them, something which has previously been open to interpretation. Trustees will be…
