General Insurance Article - Mixed state of cyber security among UK pension schemes

Aon have released ‘Cyber Threats to Corporate Pension Schemes’, a new survey drawn from information included in Aon’s Pension Cyber Scorecard. It shows the mixed state of cyber resilience and maturity across the UK’s pension schemes.

 The new report was compiled from the individual assessments of over 100 pension schemes, ranging in size from under £10 million to over £10 billion. It includes greater representation of large schemes (40% had assets of more than £1 billion), which reflects how larger schemes have responded more quickly to dealing with the issue of cyber threats - but also to completing an assessment of their approach.

 Paul McGlone, partner at Aon, said: “We launched the Aon Pension Cyber Scorecard as a tool for UK trust-based pension schemes to assess their cyber resilience across a range of areas, and as a means of comparison with other schemes.

 More than 100 UK schemes have now used the scorecard, so we have a detailed view of the state of preparedness across the industry – and it is a mixed picture.

 “We can see that some schemes have strong governance across all areas, while others are only starting their cyber journey.

 However, the scorecard also provides a road map for how a scheme can take its cyber controls from novice to proficient in relatively short order.”

 Vanessa Jaeger, principal consultant at Aon, said: “In many respects, it’s encouraging that the position across the industry is changing quickly. The very nature of cyber risk means that it is an evolving area in which even the biggest, best resourced, best prepared schemes can’t think ‘job done’ and relax. This is an area that requires periodic assessment to stay on top of the latest challenges.”

 Key findings
 • Around three in five schemes have a cyber strategy
 • 75% of trustees have training on cyber risks. But fewer than one in five schemes have clearly documented cyber hygiene policies.
 • Trustee portals are by far the most common way of sharing information (70%) and data (86%).
 • Assessment of cyber controls at administrators is extensive, with almost 90% of schemes conducting checks.
 • The majority of schemes do not use specialist expertise to assess the cyber checks of providers such as administrators.
 • Over 90% of schemes have a data breach policy, but over a third of schemes still send investment instructions in unencrypted emails.
 • Only two in five schemes have a robust incident response plan, despite guidance from the Pensions Regulator that schemes should have one in place.
 • Over 60% of schemes have not assessed the potential financial impact of a cyber attack.
 • Only 2% of schemes have a cyber insurance policy.

 Paul McGlone said: “Responses in our assessments did vary somewhat by size, with larger schemes performing better on average. However, we concluded that size was not the key determining factor of cyber resilience. Rather, it is what the market calls ‘cyber maturity’, with trustee awareness of the issue being a key factor in driving action and maintaining watchfulness.

 “Schemes that have identified and understood the issues and then taken steps to address them, come out of the Scorecard assessment well. Schemes that have not yet engaged with the issues, do not. On the plus side, we believe that many improvements can be made swiftly.”

 Vanessa Jaeger said: "As well as being of interest to trustees, the potential impact of cyber risk on pension schemes should be of definite interest to sponsors, who ultimately pick up the cost of any incident as well as reputational impact. Any sponsor that doesn't know how their scheme is managing cyber risk should be asking that question."

 ‘Cyber Threats to Corporate Pension Schemes’

Back to Index

Similar News to this Story

Chancellor must prioritise sustainability in Budget
The Institute and Faculty of Actuaries (IFoA), Lord Bird and a number of other organisations have joined forces to urge the government to carefully co
Stars call for government insurance scheme for live events
Some of the UK’s most legendary performers are among those calling on the UK Government to commit to underwrite cancellation costs of events such as m
Global insurers unite to tackle climate risk
The Geneva Association’s new report, Climate Risk Assessment for the Insurance Industry, finds that, for both P&C and life re/insurers, climate change

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS


Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.