LONDON (14 October 2019) - Aon (NYSE:AON), a leading global professional services firm providing a broad range of risk, retirement and health solutions, has said that responses to its Global Pension Risk Survey 2019 show that almost a quarter of trustees of UK pension schemes have still had no training on the risk of cybercrime.
Cyber risk is a growing hazard to modern businesses - and pension schemes with their combination of financial assets and member data are certainly not exempt from the threat. While 95% of respondents to the survey said that their schemes had not yet been affected by cybercrime, a handful confirmed that they had been – and their number is expected to increase.
Vanessa Jaeger, principal consultant at Aon, said:
“It’s encouraging that 77% of schemes have undertaken some form of cyber training or plan to have it in the next 12 months. But that still means that 23% are ignoring one of the key risks facing modern business. Getting some training is the first and simplest thing that trustees can do in considering the risk - just so they can fully understand some of the issues and know how to take informed actions.
“We believe that in some cases this lack of action is where people may have outsourced services to third parties and assume the issue lies with them. But if those suppliers – and the schemes – are impacted by a cyber-attack, trustees will have no plan in place to manage the situation and may find that they are struggling to support their scheme members and to know what the appropriate action should be – let alone how to take it.”
This year’s survey found that two-thirds of schemes currently have no documentation of cyber risks, mitigations and security policies and procedures. Broadly half of respondents have not carried out and do not plan to carry out a review of data transfer agreements – which seems especially low given recent GDPR requirements.
Vanessa Jaeger said:
“We have worked with many schemes on cyber simulation exercises – essentially a ‘war game’ of how a cyber-attack might unfold. These involve running a trustee board through what can occur and are designed to get participants to consider the actions they need to take to deal with the situation.
“The natural follow on from any training is to have an incident response plan. That can vary from a list of contact details and a checklist to a robust plan of action. 60% of respondents said that they do have one of these or plan to do so within the next year. But bear in mind that the Pensions Regulator (TPR) has stated that good governance includes establishing and testing your incident response plan – so the other 40% of schemes need to act swiftly.”
Vanessa Jaeger continued:
“But the planning shouldn’t stop there. This is a real and ever-growing threat, so trustees and pension scheme sponsors need to be alive to the issue and to have had some training around it. They should also repeat the training at least every two years; cyber criminals’ tactics and techniques continue to evolve so it’s vital to stay as up to date as possible on what is – sadly – a growing and changing risk.”
You can read the chapter on Cyber Risk here.
The Global Pension Risk Survey is Aon's survey, conducted every two years, of the defined benefit pension scheme universe. 170 respondents replied to the UK survey, representing schemes of a broad range of sizes from less than 500 members to over 10,000 members. Nearly two-thirds of respondents were trustees, with the remainder primarily being a combination of pensions managers and corporate representatives.
The survey will also be reporting in other significant DB geographies, including the US, Canada and Germany.
The UK Global Pension Risk Survey is being released in five chapters over the course of September and October 2019.
Notes to Editors
Aon plc (NYSE:AON) is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Our 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance.
Aon announced in May 2018 it will retire the business unit brands of Aon Benfield and Aon Risk Solutions, which follows the retirement of the Aon Hewitt business unit brand in 2017. This move was designed to increase the rate of innovation across the firm and make it easier for colleagues to work together to bring the best of Aon to clients. Aon has five specific global solution lines: Commercial Risk Solutions, Reinsurance Solutions, Retirement Solutions, Health Solutions and Data & Analytic Services.