PASA is aware of current heightened interest from cybercriminals in the pensions sector. This has the potential to have a very serious impact unless administrators are properly protected because of people’s reliance on them to settle and pay their benefits from pension schemes. We are currently finalising detailed PASA Guidance on how to maintain resilience in the face of Cybercrime and have created Standards which will be incorporated into our Accreditation process. These will be published in September. In the meantime, I strongly advise all administrators to make sure they understand their vulnerability to cybercrime through:
- Strengthening their cybercrime resilience and ensuring all third-party suppliers are doing the same
- Ensuring they have independent assurance of this resilience
- Making sure that, if a cybercrime attack does take place, they can still undertake all key functions, such as settling and paying benefits
Sadly, as was referenced by David Fairs of the Pension Regulator, it is not a question of if there will be an attack – it is a question of when. The Regulator’s Guidance on Cyber Security for Pension Schemes can be found here.
We can provide more detailed advice before the launch of the PASA Cyber Standards if required.