On the go: Almost half of pension schemes (43 per cent) have not tested the strength of their plan’s IT systems, processes and procedures for cyber crime protection, according to new research.
Crowe’s risk management report, based on 93 responses from trustees of UK pension schemes, showed that information security remains a key vulnerability.
Member identity theft remains a real risk as nearly a third of schemes (29 per cent) do not use electronic ID verification for UK members, increasing to 63 per cent for overseas individuals, according to the advisory risk company.
On third-party suppliers, commonly used by pension funds, the research highlighted that 28 per cent of respondents have not assessed the vulnerability of their suppliers to cyber crime. That figure rises to 43 per cent for small schemes and 33 per cent for medium schemes.
Crowe’s survey also revealed that further investment is needed to respond properly to a cyber incident and minimising potential damage.
At present, 47 per cent of respondents do not have insurance to cover a cyber attack, with 42 per cent of all pension schemes lacking access to specialist skills to investigate cyber crime incidents, rising to 50 per cent of small schemes.
The risk company said that the survey results are “particularly concerning”, since there were 1.87mn incidents of cyber crime in England and Wales in the 12 months to September 2021, compared with 876,000 in the same period prior to March 2020, according to Office for National Statistics figures.
This represents an increase of 113 per cent, while incidents of fraud have increased by 39 per cent in the same period.
Jim Gee, partner and national head of forensic services at Crowe, said: “Fraud and cyber crime are the crimes of the 21 century, accounting for over half of all crimes in England and Wales.
“With their high volume of payments to members and the amount of personal data held, pension schemes are seen as attractive targets by fraudsters. Trustees need to not only be aware of that fact, but act on it and implement preventative measures to mitigate the threat and impact of an incident.”
Gee warned that the “risk of a cyber attack is more of a ‘when’ than an ‘if’ today”.
He added: “Pension schemes have made a lot of progress in protecting themselves since we started our risk management report five years ago, but much more needs to be done as the likelihood and sophistication of attacks continue to rise.
“Trustees would be well advised to look further into testing their scheme’s IT processes and systems, and they must not neglect supplier risks too. Suitable insurance to cover cyber crime incidents should also be a consideration.”
