In total, millions of pensions policyholders have been affected. Understandably, the breach may have served as a wake-up call for schemes, particularly around third-party risks.
However, it’s important that trustees recognise that cyber vulnerabilities are not confined to administrators. Schemes also need to acknowledge that attacks are increasingly inevitable in the digital world.
Roseanne Corbett, client director at Muse Advisory and outsourced pension manager says: “It’s not ‘if’ a cyber incident will occur but ‘when’. The way we need to think about cyber risk, given how challenging it is to prevent it, is to be as prepared and well-equipped as possible to respond to an attack, recover from it and be resilient in its aftermath.”
Lindsay Sadler, senior principal, governance leader at Mercer adds: “Faced with the increased risk of an incident and the potential consequences if one occurs, it’s time for trustees and pension managers to consider cyber as one of the biggest risks facing the security of the scheme and act accordingly.”
The role of trustees
The new TPR general code clarifies schemes’ roles and responsibilities when it comes to…
