Ransomware is the most likely type of cyber attack on pensions, says RSM head of pensions Ian Bell.
In a speech on 20 October at the annual Pensions and Lifetime Savings Association conference, Bell reflected that a move against a third-party administrator (TPA) was the most viable way to get money from schemes.
Usually, a ransomware attack involves an individual or group sending an email to a targeted organisation or company.
When a member of that organisation opens the email, key functions of the firm's internal systems are paralysed.
Once a ransom has been paid to the criminals, they might restore the paralysed system.
Bell explained how an attack on a TPA might work in practice.
"I think the first type of attack could be a ransomware used on an administrator to block services. These criminals are clever and set ransoms at a level which the organisation can pay and also be recovered from the insurers," he said.
Bell's favourite example of a ransomware attack was on a small hotel in Devon.
"The criminals blocked the system which allowed doors to be opened. So customers could not get into their rooms. The hotel paid £50,000 and so you can see how this can affect any organisation," he added.
It is important to educate staff, as up to 95% of successful hacks involve a human being at some stage.
"This is the part that is very difficult to control. I know that some TPAs will send an email to their staff once a month to simulate a ransomware attack. The individuals who click on the email show they are more vulnerable to make mistakes. From this the administrator can assign extra training," he continued.
Bell's five tips to handle cyber crime include education and awareness; operational health checks; regular testing, including that of third parties; incident management; and establishing the cyber footprint.
Of these measures, the cyber footprint is one of the most important.
"Here trustees have to look at how data is passed to administrator, actuary, auditor and advisers to understand where data goes," he said.