Hackers Want Your Pension

Uploaded on 2023-12-18 in FREE TO VIEW, BUSINESS-Services-Financial

Britain's  Pensions Regulator (TPR) has updated its cyber security guidance to help tackle the ongoing threat posed by cyber criminals, urging pension scheme trustees to report significant cyber-related incidents. 

In its guidance, TPR noted that pension schemes are at risk of being targeted by cyber-attacks because of the large amounts of personal data and assets they hold, stressing that trustees and scheme managers are accountable for the security of scheme information and assets. 

Given this, the revised guidance aims to help trustees and scheme managers meet their duties to assess the risk, ensure controls are in place, and respond to incidents. It is also expected to be of use to scheme suppliers and advisers.

In particular, TPR has, for the first time, asked trustees and scheme providers to report significant cyber incidents, so it can build a better picture of the cyber risk facing the industry and its members. "We are keen to work with the industry to ensure that savers are adequately protected, and share good practice and insight. Open and transparent dialogue is particularly important for handling cyber risk," TPR stated in the guidance.

"We are asking schemes, their advisers and providers to report significant cyber incidents to us on a voluntary basis, in an open and co-operative way, as soon as reasonably practicable. You do not need to conduct the full incident investigation before reporting to us."

However, TPR clarified that reporting an incident the regulator does not replace existing legal requirements, such as the need to report a personal data breach to the Information Commissioner's Office (ICO) without undue delay.
The guidance also emphasised that trustees are legally required to report breaches of pensions law where these are likely to be of material significance, including where these arise from a cyber incident, for example if it leaves the scheme unable to process core transactions promptly and accurately, such as benefit payments.

Commenting on the new guidance, the TPR director of regulatory policy, analysis & advice, Louise Davey, said: “Cyber risk is complex, evolving and requires a dynamic response. It’s a very real threat as we have seen from events this year...  “We want industry to work openly and collaboratively together, and with us, to address the challenges of cyber threats and have a clear plan for when things go wrong. Doing so will make us all more resilient to attacks. 

"As part of this, we want to hear about cyber-related incidents so our understanding of issues improves in real time."

TPR:    Pension Age:     Law360

You Might Also Read:

US Pension Fund Hit By MoveIT Vulnerability:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Ukrainian Mobile Operator Suffers A Large-Scale Cyber Attack 
Five Tips for Securing Your CI/CD Pipeline »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Securezoo

Securezoo

Securezoo's mission is to simplify and enhance information security by providing trusted security guidance, products, and information to small and mid-sized businesses and security professionals.

Radware

Radware

Radware is a global leader of application delivery and cyber security solutions for virtual, cloud and software defined data centers.

Security Research Labs (SRLabs)

Security Research Labs (SRLabs)

Security Research Labs is a Berlin-based hacking research collective and consulting think tank.

S2 Grupo

S2 Grupo

S2 Grupo is the benchmark company in Europe and Latin America, for Cyber Intelligence and mission critical systems operations.

Sonda

Sonda

SONDA is the leading systems integrator and IT service provider in Latin America.

BoldCloud

BoldCloud

BoldCloud's award winning Cybersecurity Advisory services and Layered Security approach adds new critical layers of protection for your data and your business.

White Cloud Security

White Cloud Security

White Cloud is a cloud-based Application Trust-Listing security service that prevents unauthorized programs from running on your computers.

Antares NetlogiX

Antares NetlogiX

Antares Netlogix are a leading Austrian service provider for IT security, critical infrastructures and managed security services.

Bigbee Technology

Bigbee Technology

Bigbee Technology are an IT solutions company based in Dar es Salaam founded by a group of professionals from around the globe.

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

West Midlands Cyber Resilience Centre (WMCRC)

West Midlands Cyber Resilience Centre (WMCRC)

The East Midlands Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

SecureOps

SecureOps

SecureOps is transforming the Managed Security Service Provider industry by providing tailored cybersecurity solutions proven to protect organizations from cyberattacks.

Profian

Profian

Profian’s hardware-based solutions maintain your data's confidentiality and integrity in use, providing true confidential computing to meet regulatory and audit requirements.

Phronesis Security

Phronesis Security

Phronesis Security is committed to delivering world-class cyber security consulting with a tangible social and environmental impact.

Department of Homeland Security (DHS)

Department of Homeland Security (DHS)

The Department of Homeland Security has a vital mission: to secure the nation from the many threats we face. Our duties are wide-ranging, but our goal is clear - keeping America safe.

Alethea

Alethea

Alethea is a technology company helping companies, nonprofits, and democracies protect themselves from harms stemming from disinformation and social media manipulation.