Quarter of schemes don’t have adequate cyber crime breach plan

The advisory company’s annual governance and risk management report, which polled 105 trustees of UK pension schemes, concluded that many schemes are ill-prepared to combat the increasing threat of cyber risks and fraud, since 22 per cent of all trustees surveyed failed to properly identify the key operations, IT systems and information flows vulnerable to cyber crime.

The research also showed that despite the reliance of schemes on outsourcing to third-party providers, almost a third (29 per cent) of respondents have not assessed the cyber vulnerability of their third-party suppliers, and therefore cannot attain assurance that risks are being managed appropriately.

The report also found that almost half (46 per cent) of schemes have not undertaken an independent review of the process for putting member benefits into payments.

 Crowe’s researchers also found “a worrying number of administrators still relying on old-fashioned identity verification methods that are highly susceptible to fraud”.

According to Andrew Penketh, national head of pension funds at Crowe, it is “no secret that 2020 will be remembered as a year of significant disruption and hardship for many businesses”.

“Yet for all the good work done, these latest results provide a clear takeaway for the industry: the risk of cyber crime and fraud cannot be ignored and is something that needs urgent remedying.”

Penketh noted that too few pension funds “are properly assessing the risks, too many are lacking the expertise to combat cyber attacks, and there is a clear deficit of efficacious fraud prevention procedures put in place across the board”.

He added: “A pension, in many ways, represents a life’s work. The industry must better protect the fruits of peoples’ labour, rather than funding early retirement for undeserving fraudsters. 

“We urge the industry to appreciate the seriousness of the risk posed by cyber crime and take appropriate measures in response.”