Hackers Want Your Pension

Britain's Pensions Regulator (TPR) has updated its cyber security guidance to help tackle the ongoing threat posed by cyber criminals, urging pension scheme trustees to report significant cyber-related incidents.

In its guidance, TPR noted that pension schemes are at risk of being targeted by cyber-attacks because of the large amounts of personal data and assets they hold, stressing that trustees and scheme managers are accountable for the security of scheme information and assets. 

Given this, the revised guidance aims to help trustees and scheme managers meet their duties to assess the risk, ensure controls are in place, and respond to incidents. It is also expected to be of use to scheme suppliers and advisers.

In particular, TPR has, for the first time, asked trustees and scheme providers to report significant cyber incidents, so it can build a better picture of the cyber risk facing the industry and its members. "We are keen to work with the industry to ensure that savers are adequately protected, and share good practice and insight. Open and transparent dialogue is particularly important for handling cyber risk," TPR stated in the guidance.

"We are asking schemes, their advisers and providers to report significant cyber incidents to us on a voluntary basis, in an open and co-operative way, as soon as reasonably practicable. You do not need to conduct the full incident investigation before reporting to us."

However, TPR clarified that reporting an incident to the regulator does not replace existing legal requirements, such as the need to report a personal data breach to the Information Commissioner's Office (ICO) without undue delay.

The guidance also emphasised that trustees are legally required to report breaches of pensions law where these are likely to be of material significance, including where these arise from a cyber incident, for example if it leaves the scheme unable to process core transactions, such as benefit payments, promptly and accurately.

Commenting on the new guidance, the TPR director of regulatory policy, analysis & advice, Louise Davey, said: “Cyber risk is complex, evolving and requires a dynamic response. It’s a very real threat as we have seen from events this year...

“We want industry to work openly and collaboratively together, and with us, to address the challenges of cyber threats and have a clear plan for when things go wrong. Doing so will make us all more resilient to attacks.

"As part of this, we want to hear about cyber-related incidents so our understanding of issues improves in real time."

TPR: Pension Age: Law360
