Pensions - Articles - Trustees must review cyber monitoring after NCSC change


Trafalgar House has urged schemes to ensure they, and their advisors, review their cyber incident monitoring and reporting frameworks in light of the changes to weekly threat reporting that have been made by the National Cyber Security Centre (NCSC). A change at the end of last year in the reporting framework from the NCSC has meant that threat and incident analysis is no longer available from their usual reporting sources.

 Stephen Wright, Head of IT, said: “The change in NCSC threat reporting frameworks, which came into effect at the end last year, significantly alter the way advisories are issued and reported. Cybersecurity has fast become one of the biggest threats to schemes. Data breeches, scamming, ransomware, fraud - these have all become the stuff of trustee nightmares. And the sophistication of those threats is evolving rapidly, so it is important that schemes stay as far ahead of them as possible with comprehensive and proactive defense measures. It’s also imperative to check-in regularly with advisors that their measures are robust, and reports are undertaken frequently to demonstrate progression of mitigation of all vulnerabilities. A onetime spot check is simply not enough in this environment.

 “There are some immediate actions schemes could, and should, take:

 • Verify cyber threat analysis updates: Confirm that all your advisers are proactively updating and refining their cyber threat analysis reports. It's crucial that they regularly review and enhance their threat intelligence capabilities to protect against evolving cyber threats.
 • Enquire about intelligence sharing participation: Directly question your advisers on their involvement with intelligence sharing networks, such as the Cyber Information Sharing Partnership (CiSP). Participation in such frameworks is essential for staying informed about imminent threats and adopting best-practice responses.
 • Clarify threat identification and management: Gain a clear understanding of the mechanisms your advisers use to detect relevant cyber threats and incidents. Request detailed explanations on how these are integrated into their active risk management processes, ensuring a robust defence mechanism is in place.
 • Demand comprehensive and ongoing threat reporting: Insist on receiving frequent, detailed reports covering the spectrum of threat management activities—highlighting ongoing, resolved, and potential threats. These reports should demonstrate a continuous commitment to cyber security, reflecting an adaptive and responsive strategy to evolving cyber threats.
 • Check the procedures your advisors have in place – are they robust enough? Are they being constantly evaluated and updated?! What are vulnerability scores? Do they adequately protect their business and client data?”

 Wright added: “Sadly, the issue of cyber security isn’t going anywhere but the good news is there is a lot that schemes can do to stay ahead of the curve and protect members.”
  

Back to Index


Similar News to this Story

4 ways completing a tax return can help boost your pension
Missing the Self-Assessment deadline not only risks a penalty for late filing but could cost individuals hundreds, if not thousands of pounds in uncla
DWP holds AE thresholds with GBP90bn of pensions expected
The DWP has issued its review of the Automatic Enrolment Earnings Trigger and Qualifying Earnings Band for 2025/26, retaining all three thresholds at
Response to Triple Lock means testing comments
Aegon has called for ‘a future focused debate on a sustainable state pension’ following comments on the Triple Lock by Conservative leader Kemi Badeno

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

Email
Password
 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS

WikiActuary

Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.