The number of nationally significant attacks has more than doubled in the past year, with high-profile incidents at Marks & Spencer, Harrods and the Co-op showing how damaging breaches can be. Government reports have also highlighted severe resilience gaps across critical national systems, underscoring the urgency for stronger defences.
Against this backdrop, Trafalgar House warns trustees to remain vigilant and to ensure they are receiving accurate and comprehensive reporting from their administrator. Without this visibility, trustees risk being unable to properly monitor threats or take timely action to protect members’ data and scheme integrity.
Daniel Taylor, Director at Trafalgar House, said: “Trustees increasingly recognise that cyber resilience is a critical governance responsibility, but it can be difficult to judge what good looks like in practice. One of the most valuable steps they can take is to ask their administrators the right questions. Are defences being tested on a regular basis? Are vulnerabilities identified and resolved quickly? Can recovery procedures be proven and evidenced? Trustees should expect clear reporting on these points, not generic risk scores, so they can be confident that their schemes are protected.”
“Administrators should be able to demonstrate transparency in their approach, whether that is through continuous threat monitoring, evidence of vulnerabilities being resolved, or the results of recovery testing and staff readiness exercises. These are the practical indicators that give trustees assurance and allow them to hold providers to account. The recent cyberattacks affecting large firms such as Marks & Spencer, Harrods and the Co-op are a powerful reminder of how damaging these incidents can be, not only financially but also in terms of public trust. For trustees, the lesson is clear: cyber resilience must stay high on the agenda, and it starts with demanding the right evidence from your providers.”