Pensions - Articles - Pension trustees must review cyber controls regularly

 Earlier this month the government launched its National Cyber Security Centre (NCSC) Cyber Governance Code of Practice, providing organisations with clear guidance and best practice on managing cyber risks.

 Stuart Leach, partner, RSM UK said: “These recent attacks on retailers serve as a warning to pensions trustees to continuously assess and tighten up their cyber security measures. Pensions trustee boards are accountable for effective governance, cyber controls, resilience, and importantly robust plans to respond effectively to cyber incidents. The first line of defence against cyberattacks is often employees, so it’s important to also ensure staff are regularly trained and educated on cyber risks and how to spot attempts to access systems via increasingly sophisticated phishing emails (e.g. ClickFix Phish), or links to bogus websites.

 “We welcome the government’s recent Code of Practice which supports businesses in governing their cyber risks to enhance operational resilience. With increasing geo-political tensions and highly sophisticated cyber criminals now operating on an industrial scale, motivated by financial gain and destabilisation, the threat landscape will only increase, with broader targeting across industries. This raises a question of whether the current voluntary code goes far enough?

 “The Cyber Governance Code of Practice states that half (50%) of businesses and two thirds (66%) of high-income charities experienced some form of cyber security breach or attack in the last 12 months, with the prevalence of attacks being even higher amongst medium businesses (70%) and large businesses (74%)*. This serves as a stark reminder to pensions trustees that there’s more to be done to improve cyber resilience and keep pace with new emerging threats.”