UK pension funds “underprepared” against cybercrimewritten by Bella Palmer
The report by Crowe found 29% of all schemes have not assessed the cyber vulnerability of their third-party suppliers
According to research by Crowe, UK pension funds are “underprepared” against the risks posed by cybercrime and fraud.
The national audit, tax, advisory and risk firm's Governance and Risk Management report revealed trustees view cybercrime as the top risk to pension schemes.
Despite this, the report found 25% of schemes do not have an adequate plan to tackle cybercrime breach, while 22% are unaware of which of their key operations and IT systems are most vulnerable to fraud.
The report also found 29% of all schemes have not assessed the cyber vulnerability of their third-party suppliers meaning they cannot be sure risks are being managed appropriately.
Crowe also revealed nearly half (46%) of schemes have not undertaken an independent review of the process for putting member benefits into payments. It also found a "worrying number" of administrators still relying on outdated identity verification methods that are highly vulnerable to fraud.
The firm revealed even for those pensions schemes that may have adequately assessed the risk of external threats, "dishonest employees can still identify and exploit vulnerabilities".
National head of pension funds Andrew Penketh said: It's no secret that 2020 will be remembered as a year of significant disruption and hardship for many businesses. Yet for all the good work done, these latest results provide a clear takeaway for the industry: the risk of cybercrime and fraud cannot be ignored and is something that needs urgent remedying.
Too few pension funds are properly assessing the risks, too many are lacking the expertise to combat cyber-attacks and there is a clear deficit of efficacious fraud prevention procedures put in place across the board, Penketh said.
A pension, in many ways, represents a life's work, he continued. The industry must better protect the fruits of peoples' labour, rather than funding early retirement for undeserving fraudsters. We urge the industry to appreciate the seriousness of the risk posed by cybercrime and take appropriate measures in response.
Partner and head of forensic services Jim Gee added: The latest government statistics show that, since the advent of Covid-19, there has been a 92% increase in incidents of cybercrime and that cybercrime and fraud now represent over 50% of all crime.
He said that pension schemes are particularly vulnerable to cybercrime, for two reasons. They are responsible for rich seams of personal data often collected over many years which is attractive for cyber criminals to steal and attack others. They are also vulnerable to ransomware attacks because cybercriminals believe that the pressure to continue to make pension payments might induce pension schemes to pay the ransom which has been demanded.
This article is for information purposes only.
Please remember that financial investments may rise or fall and past performance does not guarantee future performance in respect of income or capital growth; you may not get back the amount you invested.
There is no obligation to purchase anything but, if you decide to do so, you are strongly advised to consult a professional adviser before making any investment decisions.