Cyber threats to corporate pension schemes
The threats that cyber incidents pose to pension schemes have gone from unrecognised to unmissable in just a few years. As recently as five years ago the vast majority of pension schemes would not have had specific policies or processes to consider cyber threats. Fortunately, behind the scenes, most providers were generally alive to the risks and were managing them, even if they were not actively talking about them.
Click here to download the report
Pension schemes are at various stages in their cyber journey. Many have now covered the basics and are seeking to refine their mitigation actions. With over 100 schemes now having completed the Aon Pension Cyber Scorecard, this is the most comprehensive set of data on cyber activity across UK pension schemes. Listen to Paul McGlone and Lee Wilkinson share results, conclusions and good practices.
Aon's Cyber Scorecard
As the WannaCry ransomware swept through the NHS in May 2017, pension scheme trustees were starting to wake up to the issue. In April 2018 the Pensions Regulator issued its first guidance devoted to cyber risk, while in May 2018 GDPR introduced new controls around data. During 2019 the approach taken by pension scheme trustees continued to mature. Then as COVID-19 hit in 2020, schemes faced the twin challenges of increased cyber attacks (both on schemes and on members) and more of their scheme operations moving online.
It was in that environment that Aon launched the Pension Cyber Scorecard — a tool for UK trust-based pension schemes to assess their cyber resilience across a range of areas, and to see how they compare to other schemes. By the end of 2020 the Scorecard had been used by over 100 pension schemes, and this report summarises the responses to date.
It shows a mixed pattern across the industry, with some schemes having strong governance across all areas and some only just starting their cyber journey. The difference between the two is in some ways stark, but in other ways modest, with schemes able to take their cyber controls from novice to proficient in relatively short order.
To complete you own scorecard, visit www.aon.com/cyberscorecard.
For more information, contact us at firstname.lastname@example.org
Aon Solutions UK Limited - a company registered in England and Wales under registration number 4396810 with its registered office at The Aon Centre, The Leadenhall Building, 122 Leadenhall Street, London EC3V 4AN.