Pension providers reported a staggering quadruple-digit percentage increase in data breaches to the UK regulator last year, according to new data compiled by professional services firm RPC.
The London-based practice analyzed reports to the Information Commissioner’s Office (ICO) in the year to June 30 2023.
It found that the pension sector suffered just six cyber-attacks leading to a data breach in 2021/22, rising to 246 the following year – a 4000% increase.
That made the sector the worst hit in the financial services vertical. Overall, financial services firms recorded a 242% increase in cyber-attacks leading to breaches – from 187 incidents to 640 over the same period.
RPC claimed that pension funds are an obvious target for ransomware actors in particular, due to the large volumes of sensitive and highly monetizable financial and personal information they hold, and the need to keep systems up-and-running to pay pensioners without disruption.
RPC partner and head of cyber and tech insurance, Richard Breavington, argued that pension fund trustees could be liable if they fail to manage cyber-risk appropriately.
“Cybersecurity is fundamental to pension scheme trustees’ legal duties. It’s a cause for concern that so many financial services businesses, especially pension schemes, have suffered some form of cyber-attack, resulting in a data breach,” he added.
“The assumption might sometimes be that major financial services businesses have robust cyber defenses so that they’re impervious – that certainly hasn’t stopped hackers continuing to try.”
However, Caleb Mills, professional services director at Doherty Associates, suggested the spike in reports to the ICO could be interpreted positively – as a sign more financial services firms are discovering and notifying the regulator of incidents.
“A holistic approach to cybersecurity is essential, demanding constant monitoring and timely updates across every link in the supply chain,” he added.
“The consequences of failing to maintain a robust security posture are profound; they extend beyond financial implications to lasting reputational damage should a financial services business fall victim to a data breach. The stakes are high, and the need for vigilance has never been more evident.”