With the recent global hacking scandal that most notably compromised the confidentiality of NHS patient records, cyber security is more of a concern than ever before.
Pension schemes hold vast amounts of personal data – gold dust for fraudsters who want to steal it and hackers who want to destroy it.
As data controllers, trustees are required to take “appropriate technical and organisational measures” to prevent hacks and should be proactive in ensuring members’ interests, and data, are sufficiently safeguarded.
Not only could a data breach leave the company with inescapable data loss or damage and reputational harm, it could also play havoc with pension scheme processes, from record-keeping to paying benefits.
Trustees should identify the types of risks which affect the scheme, assess the likely incidence and consider what internal control mechanisms could be applied to mitigate these risks.
Cybersecurity should also be regarded as a key risk and therefore featured on your risk register.