UK Investment Guides Loader

Quarter of pension schemes not prepared for cyber breach

written by Bella Palmer

A worrying number of administrators rely on outdated identity verification methods that are highly susceptible to fraud, according to Crowe

A quarter of UK pension schemes do not have an adequate cybercrime breach plan, despite cybercrime being one the top risks they face, a new survey has uncovered.

According to the findings from professional services firm Crowe, 22% of schemes are failing to properly identify the key operations, IT systems and information flows vulnerable to cyber attacks.

Moreover, nearly a third said that they had not assessed the cyber vulnerability of their third-party suppliers, and therefore could not attain assurance that risks are being managed appropriately.

Crowe’s researchers also found a “worrying” number of administrators relying on outdated identity verification methods that are highly susceptible to fraud, and that almost half of schemes had not undertaken an independent review of the process.

These latest results provide a clear takeaway for the industry: the risk of cybercrime and fraud cannot be ignored and is something that needs urgent remedying, said Andrew Penketh, national head of pension funds at Crowe.

Too few pension funds are properly assessing the risks, too many are lacking the expertise to combat cyber attacks, and there is a clear deficit of efficacious fraud prevention procedures put in place across the board, he said.

Even for those pensions schemes that may have adequately assessed the risk of external threats, dishonest employees can still identify and exploit vulnerabilities.

Even as awareness of the threat is at all time high, 42% of schemes still did not have access to the specialist skills required to investigate and combat cybercrime, with 59% not providing cybercrime scenario-based training to trustees.

Jim Gee, head of forensic services at Crowe, highlighted government figures suggesting a 92% increase in incidents of cybercrime since the outbreak of COVID-19, and said that pension schemes are particularly vulnerable. They are responsible for rich seams of personal data often collected over many years which is attractive for cyber criminals to steal and attack others.

They are also vulnerable to ransomware attacks because cybercriminals believe that the pressure to continue to make pension payments might induce pension schemes to pay the ransom which has been demanded, Gee said.

He said that trustees need to make sure that their schemes and third party suppliers have the right policies in place, the right training, and access to the right specialist skills. There is no time to waste because when it comes to cyber-attacks, it is not a case of if, but when.


The opinions expressed by our writers are their own and do not represent the views of UK Investment Guides. The information provided on UK Investment Guides is intended for informational purposes only. UK Investment Guides is not liable for any financial losses incurred. Conduct your own research by contacting financial experts before making any investment decisions.

Share this post with friends!