Pensions - Articles - Trustees must review cyber monitoring after NCSC change


Trafalgar House has urged schemes to ensure they, and their advisors, review their cyber incident monitoring and reporting frameworks in light of the changes to weekly threat reporting that have been made by the National Cyber Security Centre (NCSC). A change at the end of last year in the reporting framework from the NCSC has meant that threat and incident analysis is no longer available from their usual reporting sources.

 Stephen Wright, Head of IT, said: “The change in NCSC threat reporting frameworks, which came into effect at the end last year, significantly alter the way advisories are issued and reported. Cybersecurity has fast become one of the biggest threats to schemes. Data breeches, scamming, ransomware, fraud - these have all become the stuff of trustee nightmares. And the sophistication of those threats is evolving rapidly, so it is important that schemes stay as far ahead of them as possible with comprehensive and proactive defense measures. It’s also imperative to check-in regularly with advisors that their measures are robust, and reports are undertaken frequently to demonstrate progression of mitigation of all vulnerabilities. A onetime spot check is simply not enough in this environment.

 “There are some immediate actions schemes could, and should, take:

 • Verify cyber threat analysis updates: Confirm that all your advisers are proactively updating and refining their cyber threat analysis reports. It's crucial that they regularly review and enhance their threat intelligence capabilities to protect against evolving cyber threats.
 • Enquire about intelligence sharing participation: Directly question your advisers on their involvement with intelligence sharing networks, such as the Cyber Information Sharing Partnership (CiSP). Participation in such frameworks is essential for staying informed about imminent threats and adopting best-practice responses.
 • Clarify threat identification and management: Gain a clear understanding of the mechanisms your advisers use to detect relevant cyber threats and incidents. Request detailed explanations on how these are integrated into their active risk management processes, ensuring a robust defence mechanism is in place.
 • Demand comprehensive and ongoing threat reporting: Insist on receiving frequent, detailed reports covering the spectrum of threat management activities—highlighting ongoing, resolved, and potential threats. These reports should demonstrate a continuous commitment to cyber security, reflecting an adaptive and responsive strategy to evolving cyber threats.
 • Check the procedures your advisors have in place – are they robust enough? Are they being constantly evaluated and updated?! What are vulnerability scores? Do they adequately protect their business and client data?”

 Wright added: “Sadly, the issue of cyber security isn’t going anywhere but the good news is there is a lot that schemes can do to stay ahead of the curve and protect members.”
  

Back to Index


Similar News to this Story

Four in ten firms are very likely to introduce CDC pension
Nearly half of all DC schemes (41%) said they are ‘very likely’ to introduce a Collective Defined Contribution (CDC) pension scheme – or a risk sharin
Liquid alternatives can increase pension schemes resilience
Aon has said that liquid alternative assets can help UK pension schemes position their portfolios for greater resilience, while still meeting their re
DC Master Trust member outcomes see big improvement
Outcomes for members of DC Master Trusts have significantly improved since the period of gilt market volatility in 2022, says Hymans Robertson in its

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

Email
Password
 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS

WikiActuary

Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.