The risk of data security incidents is increasing as pension funds insufficiently factor cybersecurity into their risk assessments, Dutch pensions supervisor De Nederlandsche Bank (DNB) has warned.
In its annual security monitor, the regulator said that financial institutions, including pension funds, insufficiently evaluated their risk management in this area, or failed to anticipate developments in data security.
“As cybersecurity threats increase and change, evaluating and anticipating is crucial,” said DNB.
It said it was remarkable that concrete threats – such as phishing, ransomware and hacking – received “little attention”.
The watchdog also noted that pension funds often did not have sufficient knowledge of how security measures at their outsourced service providers.
“As a consequence, schemes are unable to show they are in control, or make clear that measures are effective,” DNB said.
DNB added that sometimes a scheme knew how outsourcing partners had organised their security, but lacked insight into mutual dependencies.
This raised questions about whether all measures combined would be sufficient for the entire investment chain.
Last year, DNB warned that…
