Pensions - Articles - Trustees must review cyber monitoring after NCSC change


Trafalgar House has urged schemes to ensure they, and their advisors, review their cyber incident monitoring and reporting frameworks in light of the changes to weekly threat reporting that have been made by the National Cyber Security Centre (NCSC). A change at the end of last year in the reporting framework from the NCSC has meant that threat and incident analysis is no longer available from their usual reporting sources.

 Stephen Wright, Head of IT, said: “The change in NCSC threat reporting frameworks, which came into effect at the end last year, significantly alter the way advisories are issued and reported. Cybersecurity has fast become one of the biggest threats to schemes. Data breeches, scamming, ransomware, fraud - these have all become the stuff of trustee nightmares. And the sophistication of those threats is evolving rapidly, so it is important that schemes stay as far ahead of them as possible with comprehensive and proactive defense measures. It’s also imperative to check-in regularly with advisors that their measures are robust, and reports are undertaken frequently to demonstrate progression of mitigation of all vulnerabilities. A onetime spot check is simply not enough in this environment.

 “There are some immediate actions schemes could, and should, take:

 • Verify cyber threat analysis updates: Confirm that all your advisers are proactively updating and refining their cyber threat analysis reports. It's crucial that they regularly review and enhance their threat intelligence capabilities to protect against evolving cyber threats.
 • Enquire about intelligence sharing participation: Directly question your advisers on their involvement with intelligence sharing networks, such as the Cyber Information Sharing Partnership (CiSP). Participation in such frameworks is essential for staying informed about imminent threats and adopting best-practice responses.
 • Clarify threat identification and management: Gain a clear understanding of the mechanisms your advisers use to detect relevant cyber threats and incidents. Request detailed explanations on how these are integrated into their active risk management processes, ensuring a robust defence mechanism is in place.
 • Demand comprehensive and ongoing threat reporting: Insist on receiving frequent, detailed reports covering the spectrum of threat management activities—highlighting ongoing, resolved, and potential threats. These reports should demonstrate a continuous commitment to cyber security, reflecting an adaptive and responsive strategy to evolving cyber threats.
 • Check the procedures your advisors have in place – are they robust enough? Are they being constantly evaluated and updated?! What are vulnerability scores? Do they adequately protect their business and client data?”

 Wright added: “Sadly, the issue of cyber security isn’t going anywhere but the good news is there is a lot that schemes can do to stay ahead of the curve and protect members.”
  

Back to Index


Similar News to this Story

Wish list for the occupational pensions industry in 2025
As one year closes and another begins, it's an opportune moment to set our sights on the future. The UK occupational pensions industry faces nume
PSIG announces outcome of Consultation
The Pensions Scams Industry Group (PSIG), which was established in 2014 to help protect pension scheme members from scams, today announced the feedbac
Transfer values fell to a 12 month low during November
XPS Group’s Transfer Value Index reached a 12-month low, dropping to £151,000 during November 2024 before then recovering to its previous month-end po

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

Email
Password
 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS

WikiActuary

Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.