Trustees must have a "clear view" of the increasing number and sophistication of security risks, the Pensions Administration Standards Association (PASA) says as it launches guidance on cyber-security.
Coming just over a year after the introduction of the General Data Protection Regulation (GDPR), the guidance outlines how trustees can formulate a "robust and effective review" of their cyber security protocols.
It covers areas including risk assessment, governance, risk management, controls, and incident management.
These are set against four potential types of cyber risk and their main techniques: external targeted attacks, such as malware or phishing; internal accidental, such as weak passwords; internal deliberate, such as exfiltration of data; and supplier chain, comprising breaches that use techniques similar to those in the other three categories.
PASA e-admin working group chairman Chris Connelly said: "The lead-up to GDPR, introduced in 2018, saw cyber risk taking a steep hike up the trustee agenda. New technology and innovations present opportunity for increased efficiency, but also mean the potential security risks are growing in volume and sophistication.
"It's important for trustees to have a clear view of these potential danger areas and actively reassess them over time."
He said the guidance has been designed to provide a "practical means" for trustees to identify risks and responsibilities, and then put together a "robust and effective plan of action to be taken should the worst unfortunately happen".
For example, it outlines six steps for a risk assessment process, as well as the eight principles for pension scheme governance in relation to cyber security as outlined by The Pensions Regulator in its own guidance published last year.
Schemes should consider obtaining additional insurance against the potential of a cyber-attack, PASA said, enabling them to recover from and protect themselves against one.
"Being prepared is a necessity as experts believe if you haven't already suffered a cyber-attack in some form, you should expect it," the guidance said.