The Pensions Regulator (TPR) is calling on trustees to report significant cyber-related incidents as part of updated guidance to tackle the ongoing threat posed by cyber criminals.
Pension schemes are at risk of being targeted by cyber-attacks because of the large amounts of personal data and assets they hold.
TPR’s latest guidance helps trustees and scheme managers meet their duties to assess the risk, ensure controls are in place, and respond to incidents. The guidance will also be of use to scheme suppliers and advisers.
For the first time, TPR is asking trustees and scheme providers to report significant cyber incidents, so it can build a better picture of the cyber risk facing the industry and its members.
Interim Director of Regulatory Policy, Analysis and Advice Louise Davey said: “Cyber risk is complex, evolving and requires a dynamic response. It’s a very real threat as we have seen from events this year.
“We want industry to work openly and collaboratively together, and with us, to address the challenges of cyber threats and have a clear plan for when things go wrong. Doing so will make us all more resilient to attacks. As part of this, we want to hear about cyber-related incidents so our understanding of issues improves in real time.”