Hackers Want Your Pension

Britain's  Pensions Regulator (TPR) has updated its cyber security guidance to help tackle the ongoing threat posed by cyber criminals, urging pension scheme trustees to report significant cyber-related incidents. 

In its guidance, TPR noted that pension schemes are at risk of being targeted by cyber-attacks because of the large amounts of personal data and assets they hold, stressing that trustees and scheme managers are accountable for the security of scheme information and assets. 

Given this, the revised guidance aims to help trustees and scheme managers meet their duties to assess the risk, ensure controls are in place, and respond to incidents. It is also expected to be of use to scheme suppliers and advisers.

In particular, TPR has, for the first time, asked trustees and scheme providers to report significant cyber incidents, so it can build a better picture of the cyber risk facing the industry and its members. "We are keen to work with the industry to ensure that savers are adequately protected, and share good practice and insight. Open and transparent dialogue is particularly important for handling cyber risk," TPR stated in the guidance.

"We are asking schemes, their advisers and providers to report significant cyber incidents to us on a voluntary basis, in an open and co-operative way, as soon as reasonably practicable. You do not need to conduct the full incident investigation before reporting to us."

However, TPR clarified that reporting an incident the regulator does not replace existing legal requirements, such as the need to report a personal data breach to the Information Commissioner's Office (ICO) without undue delay.
The guidance also emphasised that trustees are legally required to report breaches of pensions law where these are likely to be of material significance, including where these arise from a cyber incident, for example if it leaves the scheme unable to process core transactions promptly and accurately, such as benefit payments.

Commenting on the new guidance, the TPR director of regulatory policy, analysis & advice, Louise Davey, said: “Cyber risk is complex, evolving and requires a dynamic response. It’s a very real threat as we have seen from events this year...  “We want industry to work openly and collaboratively together, and with us, to address the challenges of cyber threats and have a clear plan for when things go wrong. Doing so will make us all more resilient to attacks. 

"As part of this, we want to hear about cyber-related incidents so our understanding of issues improves in real time."

TPR:    Pension Age:     Law360

You Might Also Read:

US Pension Fund Hit By MoveIT Vulnerability:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Ukrainian Mobile Operator Suffers A Large-Scale Cyber Attack 
Five Tips for Securing Your CI/CD Pipeline »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

CTR Secure Services

CTR Secure Services

CTR Secure Services provides a broad range of security consulting services from asset protection to cyber security.

Cyber Execs

Cyber Execs

Cyber Execs is a Cyber Security Consultancy & Executive Recruitment firm.

Wireless Logic

Wireless Logic

Wireless Logic delivers a range of secure and resilient value-added M2M/IoT managed services that empower remote devices to communicate cost-effectively, two ways.

SecuDrive

SecuDrive

SecuDrive, provides hardware encrypted external storage devices to protect a company’s sensitive and important data.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Chronicle

Chronicle

Chronicle products combine intelligence about global threats in the wild, threats inside your network, and unique signals about both.

Arc4dia Labs

Arc4dia Labs

Arc4dia have developed SNOW, a cyber security solution to combat the world’s most sophisticated cyber threats.

Ingenio Global

Ingenio Global

Ingenio is a specialist recruitment business for SaaS companies. Our purpose is to source exceptional talent in areas including cyber security for leading SaaS companies in the UK and Ireland.

TeraByte

TeraByte

TeraByte is an information security company which helps to educate and protect businesses from cyber security related risks.

Sergeant Laboratories

Sergeant Laboratories

Sergeant Laboratories builds advanced technologies to prove compliance in complex IT security and regulatory compliance situations.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

Teleport

Teleport

Teleport is a remote-first technology company. We enable engineers to quickly access any computing resource anywhere on the planet.

AnyTech365

AnyTech365

AnyTech365 is a leading European IT Security and Support company helping end users and small businesses have a worry-free experience with all things tech.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.

Data Pie Cybersecurity

Data Pie Cybersecurity

The Data Pie Cybersecurity Consulting offers a 360° around protection for your IT security. Security awareness solutions and consulting.

GovSky

GovSky

GovSky streamlines CMMC compliance, saving time and significantly reducing cost.