Hackers are "ahead in the game" when it comes to bypassing cyber-security and trustees must do more to protect members says RSM's Elisabeth Storey.
The auditing firm's associate director argued cyber-crime is a growing risk for the industry during a Pensions Management Institute (PMI) seminar in London on 19 April.
Current IT trends such as higher connectivity, more data sharing and remote working have created opportunities for criminals.
Therefore stepping up measures to secure member data and savings must be a priority.
However, RSM's latest annual report on cyber-security published in January revealed 25% of trustees still do not know they are responsible for fraud detection and protection.
Storey said: "Cyber-security is affecting the pensions industry and is a growing issue. Hackers can get assets and member data. Both are hugely valuable and the tools that hackers use evolve. There has been growth of a market on the dark web for information. Is there a degree of complacency about this? I'd say ‘yes'."
One example of a thwarted fraud attempt involved a master trust where someone impersonated a senior member of its finance team, she said.
The scammers sent an email to employers asking money to be sent to a different bank account. "Fortunately [the provider] spotted this and stopped it but imagine if they had not," Storey added.
Organisations that have been hacked fall into two categories: those which have been compromised and know about it and those which have been hacked but remain unaware.
Lack of awareness could lead to the underreporting of hacking. "Is this a ticking bomb which is going to explode in our faces?" Storey asked.
To mitigate these challenges, education and training for everyone involved in the scheme is critical. "Human error is involved in more than 95% of security incidents. People remain the weakest link and we must work to protect data as much as we can," Storey continued.
The event was hosted by Barnett Waddingham.
Defined benefit (DB) schemes that provide GMPs must revisit and, where necessary, top-up historic cash equivalent transfer values (CETVs) that have been calculated on an unequal basis, a landmark court judgment said last week.
Technology platform PensionSync has partnered with quantum employment pioneer My Digital to help contractors and employers manage pensions as more workers do temporary work for multiple firms.
Capita Pensions has partnered with data technology solutions firm Intellica to tackle the GMP equalisation challenges facing pension schemes.
The Hewlett Packard Retirement Benefit Plan has reappointed EQ Paymaster as its third-party administrator (TPA) for five years.
Schemes and their administrators have rightly received much praise for ensuring that pensions have continued to be paid in full and on time during an unprecedented period of disruption.