menu close EventsNewsContact Us search close
Global Site close
  • Americas
  • Asia Pacific
  • Europe
  • Middle East and Africa
ArgentinaArubaBahamasBarbadosBoliviaBrazilCanadaCayman IslandsChileColombiaCosta RicaCuracaoDominican RepublicEcuadorEl SalvadorGuatemalaHondurasMexicoPanamaParaguayPeruPuerto RicoSaint MartinSurinameUnited StatesUruguayVenezuela
AfghanistanAustraliaCambodiaChinaFrench PolynesiaHawaiiHong KongIndiaIndonesiaJapanMacauMalaysiaMaldivesMongoliaMyanmarNepalNew ZealandPakistanPhilippinesSingaporeSouth KoreaSri LankaTaiwanThailandVietnam
AlbaniaAndorraArmeniaAustriaAzerbaijanBelgiumBulgariaCroatiaCyprusCzech RepublicDenmarkEstoniaFinlandFranceGeorgiaGermanyGreeceHungaryIrelandItalyKazakhstanLatviaLiechtensteinLithuaniaLuxembourgMaltaMoldovaNetherlandsNorwayPolandPortugalRomaniaSerbiaSlovakiaSloveniaSpainSwedenSwitzerlandTajikistanTurkeyUkraineUnited KingdomUzbekistan
AlgeriaAngolaBahrainCameroonCentral African RepublicCôte d’IvoireEgyptGhanaIraqJordanKenyaKuwaitLebanonLiberiaMaliMauritiusMoroccoMozambiqueNigeriaOmanQatarSaudi ArabiaSenegalSeychellesSierra LeoneSouth AfricaTanzaniaTogoTunisiaUgandaUnited Arab EmiratesYemenZimbabwe
Services
close Services
Tax
Services
Industries
close Industries
Industries
Insights
close Insights
Insights
About Us
close About Us
About Us
Careers
close Careers
Careers
EventsNewsContact Us
search close
Lady looking into distance

The Pensions Regulator launches new cyber security guidance

Tim Robinson, Partner, Forensic Services
12/12/2023
Lady looking into distance
New voluntary reporting of cyber incidents now included to help improve the understanding of issues affecting schemes.
Pension schemes are attractive targets to cybercriminals due to the significant amount of assets and personally identifiable information (PII) of their members they hold. Coupled with the imperative to pay member’s benefits on time, this makes them particularly vulnerable to extortion via ransomware attacks.

To help fight back the Pensions Regulator (TPR) launched new guidance on Monday 11 December 2023 for pension scheme trustees and scheme managers. It will help them to meet their duties to assess cyber risk, ensure appropriate cyber controls are in place and respond effectively in the event of a cyber incident. The guidance will therefore also be of interest to pension scheme suppliers and advisors, with the former being required to deliver on many aspects of the guidance.

What does it include?

The guidance covers a range of topics and practical steps that are integral to help build cyber resilience and meet the expectations set out in the draft General Code of Practice. These include:

  • what is cyber risk
  • your role
  • assessing and understanding the risk
  • ensuring controls are in place
  • responding to incidents
  • reporting an incident
  • links to more information.

What is new?

In addition to reiterating valuable advice to meet the expectations of the draft General Code, TPR is now asking schemes, their advisers and providers, to report significant cyber incidents to it on a voluntary basis, in an open and cooperative way, as soon as reasonably practicable.

A significant cyber incident is likely to result in:

  • a significant loss of member data
  • a disruption to member services
  • a negative impact on a number of other pension schemes or pension service providers.

This follows the action taken by TPR earlier in 2023 when it wrote to trustees whose schemes were impacted by the cyber attack on Capita, reminding them of their existing legal reporting responsibilities and asking to be kept up to date as the cyber investigation progressed.

The message from TPR

Louise Davey, Interim Director of Regulatory Policy, Analysis and Advice at TPR commented on the guidance:

“Cyber risk is complex, evolving and requires a dynamic response. It’s a very real threat as we have seen from events this year.

"We want industry to work openly and collaboratively together, and with us, to address the challenges of cyber threats and have a clear plan for when things go wrong. Doing so will make us all more resilient to attacks.

"As part of this, we want to hear about cyber-related incidents so our understanding of issues improves in real time.”

Need further support?

The guidance will help many to understand what activities they need to do now, and in the future, to respond to the complex and rapidly evolving threat. However, trustees should continue to review whether they have access to genuinely specialist advice concerning how to properly protect their pension schemes and meet the expectations of the General Code.

The Forensic Services team at Crowe are specialists in this area and work with a range of schemes to understand and meet the requirements of TPR. Please contact Tim Robinson if you would like to discuss the new guidance and how it impacts your scheme.

Insights

Specialist services Forensics, Tax Resolutions, Forensic
How our specialist services can support your clients when the expertise is outside your remit.
Do you suspect a fraud has occurred?
The initial stages of a fraud investigation are incredibly important - the do and don'ts.
Top 10 scams to look out for this festive period
We cover what we think are the top 10 Christmas scams of 2022.

Contact us

Tim Robinson
Tim Robinson
Partner, Forensic Services
London
+44 (0)20 7842 7164
Read full CV

Related services

Forensic Services Pension Funds