Pension Funds Insider

Pension Funds Insider brings the latest pensions news and industry insights; from investment and governance updates to new mandate appointments and pensions regulatory information.

Cyber risk at forefront of pension scheme concerns

04 August 2017

Image for Cyber risk at forefront of pension scheme concerns

Risks posed by cyber security and data protection are high on the list of pension scheme's concerns, according national audit, tax and advisory firm Crowe Clark Whitehill.

Results of the firm's Pension Risk Management Survey 2017 showed that cyber security is a key risk area for both Defined Contribution (DC) and Defined Benefit (DB) schemes.

Cyber security is the fourth biggest concern for trustees of DC schemes, behind delivering value for members, fund design, and poor communication.

For DB schemes, it is the fifth biggest concern, after funding volatility, the strength of the employer covenant, implementing an appropriate investment strategy, and investment under-performance.

Eddie Hodgart, risk and assurance director at Crowe Clark Whitehill, said schemes are fully aware of the value of their data.

"There is an awareness within schemes that the personal data that they hold is a valuable commodity and that they need to act to ensure that their members' information is protected," he said.

"However, while most trustees are comfortable managing financial and regulatory risks, many feel out of their depth with non-traditional risks such as cyber security and more work is needed to educate them on managing the new and non-traditional risks that impact schemes."

The research also highlights that not enough time is being spent managing pensions risk.

Nearly 30% of pension schemes surveyed had not reviewed their risk register in the last six months, with 8% not having done so in the last 12 months.

Additional findings also showed that approaches to formally managing pension risk vary considerably within the pensions profession, with smaller schemes identified as spending the smallest proportion of time reviewing their pensions risks and rely heavily on their external consultants for support.

Hodgart added: "Despite significant political, economic and social change in recent months, many schemes have not reviewed their risks, and those who have, on the whole, are not making significant changes."

He urged trustees to get to grips with the risks posed by cyber security threats by fully understanding how their schemes could be affected – and taking steps to mitigate them.

"While resources for smaller arrangements may be limited, the end outcome of a poorly managed scheme is the same irrespective of size – members may lose a proportion of their pension.

"Effective risk management practices should apply equally to all pension arrangements irrespective of size."

First published 04.08.2017