Over the past 12 months, cyber risk has leapt up the agenda of pension schemes and sponsors. As holders of large volumes of personal and financial data, pension schemes have the potential to become increasingly attractive targets for cyber criminals.
For most pension schemes, the key risks relate to member data, financial transactions and the reputation of the sponsor. As well as holding a great deal of personal data, UK pension schemes manage around £3 trillion worth of assets - with regular flows of money taking place - and store associated financial information. Loss of data could also cause huge reputational damage not only to the scheme but also to the sponsoring employer.
Paul McGlone, partner at Aon Hewitt, said: “Some trustees may believe that cyber risk evaluations have already been undertaken by their sponsor or administration partners, but it’s important that they take responsibility for reviewing their own scheme’s protections and ensuring that sufficient defences and insurance are in place.
“The combination of Aon and Stroz Friedberg’s cybersecurity capabilities uniquely positions us to advise on pension scheme risks to help schemes, sponsors, their advisers and administrators to review their cyber security approach and to have the relevant protections and plans in place in the event of a data breach.”
The key elements of the Cyber Resilience Framework are:
• Assess - Identifying critical risks and assessing the organisation’s preparedness
• Test - Uncovering, testing and remediating vulnerabilities both of schemes and of outsourced functions
• Improve - Preparing, optimising, and enhancing security governance, and introducing incident detection and breach protocols
• Quantify - Quantifying the financial impact from cyber risks to inform risk reduction and transfer strategies
• Transfer - Exploring risk transfer solutions such as cyber insurance to minimise balance sheet risk
• Respond - Limiting business disruption, minimising economic loss, and expediting the claims management process
Paul McGlone continued: “The Aon Cyber Resilience Framework applies to pension schemes as a practical way of assessing and managing cyber exposure through various lenses and ensuring that the resulting actions help to enhance the scheme's cyber resilience. This includes assessing and quantifying the impact of cyber risk, and applying appropriate mitigation, response, and insurance solutions.”