Pensions - Articles - Is the pensions industry ready for cyber-attacks and GDPR

 Pension schemes, the vast sums of money in them, and the personal information they hold such as bank details and national insurance numbers, mean they are a key target for organised cybercrime units. Should a cyber-attack take place, which is looking ever more likely due to advances in technology, the consequences, which may go unnoticed for many years, could be catastrophic for the victims.

 For too long this real threat has been overlooked by pension scheme trustees or put to the bottom of the to do list, which is understandable given that trustees main priority is undoubtedly looking to manage increasing pension scheme deficits in this low interest rate environment. But now is the time that action needs to be taken. For the latter part of 2017, it is crucial that pension scheme trustees move cyber security to the top of their agenda and, if required, appoint sufficiently skilled cyber security experts to oversee and protect the confidential details they are responsible for.

 This is compounded further as trustees should also be planning for the new European Union’s General Data Protection Regulation (GDPR) that comes into force next May, and with it will come strict new rules about how such personal data is protected and huge fines for those that do not comply. Therefore, it makes perfect sense that trustees should invest time and money now to ensure they are not only compliant with the new rules, but also ahead of the game.

 Even the Pensions Regulator (TPR) is not immune to cyber-attacks and recently admitted that it has been on the receiving end of a partially successful ransomware attack but that it had blocked over 40,000 other attempts. This proves the industry is under attack and action needs to be taken sooner rather than later.