Pension scheme trustees are failing to give due focus to the increased risk of cyber attacks, lawyers from European firm Fieldfisher have warned.
While schemes are keen to keep up with advances in technology and to make member data easily accessible to members, many are doing so without paying attention to the risks this creates, and as such are opening themselves up to fines from the Pensions Regulator and the Information Commissioner, as well as compensation claims from members.
David Gallagher, Fieldfisher partner and head of the firm's Pensions group, said: "Schemes are keen to offer online services and apps and this can obviously greatly improve member engagement and efficient administration.
"However, cyber criminals are constantly moving across the web, probing for vulnerability and looking for accessible personal data. Pensions scheme systems have a wealth of personal data, and trustees have a responsibility to ensure that that data is held securely, with adequate internal controls."
Antonis Patrikios, a partner in Fieldfisher's Privacy, Security and Information group, said: "The risk is real, and is greatest for those who don't acknowledge it. Aside from the obvious PR issues around a hack, there is immediate damage to the organisation's operations and finances too. The scale of the task of dealing with a security breach cannot be overstated."
Gallagher said that scheme trustees need to make planning around cyber risks a business priority. "It's absolutely up there among the most business critical issues", he said. "It needs to be a priority in internal control and audit planning, and must be dealt with in administration contracts. And, of course, systems should be kept under review as risks change."
Fieldfisher is a leading European law firm with market leading practices in many of the world's most dynamic sectors, and is recognised as a leader in data protection work.