Building Resilience to Cybercrime

PASA is aware of current heightened interest from cybercriminals in the pensions sector. This has the potential to have a very serious impact unless administrators are properly protected because of people’s reliance on them to settle and pay their benefits from pension schemes. We are currently finalising detailed PASA Guidance on how to maintain resilience in the face of Cybercrime and have created Standards which will be incorporated into our Accreditation process.  These will be published in September, in the meantime I strongly advise all administrators to make sure they understand their vulnerability to cybercrime through:

  • Strengthening their cybercrime resilience and ensure all third-party suppliers are doing the same
  • Ensuring they have independent assurance of this resilience
  • Making sure that, if a cybercrime attack does take place they can still undertake all key functions, such as settling and paying benefits

Sadly, as was referenced by David Fairs of the Pension Regulator, it is not a question of ifthere will be an attack – it is a question of when. The Regulator’s Guidance on Cyber Security for Pension Schemes can be found here.

We can provide more detailed advice before the launch of the PASA Cyber Standards if required.

Jim Gee, Chair of the PASA Cybercrime Working Group
Partner and National Head of Forensic Servicesat Crowe UK LLP, PASA Expert Partner for Cybercrime and Fraud
Visiting Professor and Chair of the Centre for Counter Fraud Studies atUniversity of Portsmouth

About the Author

Lucy Collett