Pension providers in the UK have experienced a significant increase in data breach reports to the UK regulator [4], according to data compiled by professional services firm RPC [4]. This surge in cyber-attacks has made the pension sector the hardest hit in the financial services industry.

Description

Last year [4], there were 246 breaches reported [1] [5] [6] [9], compared to only six in the previous year [8] [9], representing a rise of 4,000%. Hackers are specifically targeting pension funds due to the valuable financial data they hold, making them susceptible to ransom demands [7]. Trustees of pension schemes can be held liable for failing to appropriately manage cyber risk [7], as cybersecurity is considered a fundamental duty [7].

It is concerning that many financial services firms [7], including pension schemes [6] [7] [9], have fallen victim to cyber-attacks and data breaches. The assumption that major financial services businesses have strong cyber defenses is not always accurate [7] [9], as hackers continue to target them [7]. Therefore, it is crucial for financial services firms to maintain a robust security posture in order to avoid lasting reputational damage from data breaches.

The increase in cyber-attacks on financial services [9], particularly pension schemes [1] [2] [5] [6] [9], highlights the need for proper management of cyber risks [9]. Recent incidents involving Capita and the Universities Superannuation Scheme have prompted regulatory action and investigations [9]. The Pensions Ombudsman (TPO) also experienced a cyber incident [9], leading to a temporary disruption of services [9]. However, its services have since been restored following an investigation [9].

According to research by international law firm RPC [2] [3], cyber security breaches for UK financial services firms increased threefold from 2021 to 2023 [3] [5] [6]. Reports of cyber security breaches to the Information Commissioner's Office (ICO) rose from 187 to 640 [2] [3]. The pensions sector saw a significant increase from six to 246 reports [3]. This data suggests a concerning trend of increasing cyber security breaches in the financial services industry [3].

Richard Breavington [2] [5] [6] [8], partner and head of cyber and tech insurance at RPC [2] [4] [5] [6], emphasizes the importance of cyber security for pension scheme trustees [2] [5] [6] [8], as they can be held liable for failure to manage cyber risk appropriately [1] [2] [5] [7]. Hackers target pension schemes due to the valuable and sensitive financial data they hold [2] [5]. The financial sector is a prime target for cyberattacks due to the vast amounts of sensitive data and financial transactions it handles [1]. However, the financial services sector appears to be lagging behind other sectors in addressing this issue [1]. Absolute’s Resilience Index 2023 shows that the financial services sector’s Windows 10 patch age was 118 days [1], higher than that of the professional services sector [1].

Caleb Mills [8], professional services director at Doherty Associates [8], suggests that the increase in reports to the ICO could indicate improved incident detection and reporting [8]. He emphasizes the need for a holistic approach to cybersecurity and the potential consequences of failing to maintain a robust security posture [8].

Conclusion

The increase in cyber-attacks on financial services [9], particularly pension schemes [1] [2] [5] [6] [9], has significant implications for the industry. It highlights the need for proper management of cyber risks and the importance of maintaining a robust security posture. The rise in data breach reports to the UK regulator and the increase in cyber security breaches in the financial services industry are concerning trends that require immediate attention. It is crucial for financial services firms [4], including pension providers, to prioritize cybersecurity and take proactive measures to protect sensitive financial data. Failure to do so can result in reputational damage, regulatory action [4] [9], and potential liability for trustees. The financial services sector must address this issue and adopt a holistic approach to cybersecurity to mitigate the risks and consequences of cyber-attacks.

References

[1] https://corporate-adviser.com/surge-in-cyber-attacks-at-pension-firms/
[2] https://www.cityam.com/reported-cyber-security-breaches-increase-threefold-for-financial-services-firms/
[3] https://www.cybersecurity-review.com/news-september-2023/uk-reported-cyber-security-breaches-increase-threefold-for-financial-services-firms/
[4] https://www.infosecurity-magazine.com/news/pension-firms-report-4000-surge/
[5] https://www.business-money.com/announcements/cybersecurity-breaches-triple-for-financial-services-firms/
[6] https://beyourown.org/cybersecurity-breaches-triple-for-financial-services-firms/
[7] https://www.rpc.co.uk/press-and-media/cybersecurity-breaches-at-financial-services-firms-more-than-trebles/
[8] https://osintcorp.net/pension-firms-report-4000-surge-in-breaches/
[9] https://www.professionalpensions.com/news/4128928/sharp-rise-scheme-cybersecurity-breaches