Dutch pension funds aren’t sufficiently in control of data security and outsourcing risks, according to regulator De Nederlandsche Bank (DNB).
In its newsletter it said that they must evaluate security more often, stop information leaks more quickly and be more alert regarding outsourcing risks, in particular the use of cloud storage.
DNB checked an unspecified number of pension funds for 54 criteria.
The supervisor noted that, compared to 2010, pension funds had improved on safety in programming software, increased the risk-awareness of their staff and improved co-operation on cybersecurity expertise.
However, it emphasised that pension funds must increase their investments in the quality of IT risk management, the monitoring of outsourced tasks, the testing of adjustments and “patch management”.
IT risk management needed more frequent evaluation and maintenance, DNB said, to prevent falling behind on “continuously changing cyber-risks”.
DNB found that no more than 60% of software security patches were installed within two days of being issued, and that full cover was only reached in 60 days, which it deemed “too long”.
The regulator announced an additional survey into data security, which would include an assessment of how quickly a pension fund was able to return to business as usual following a hack.
Full news
© IPE International Publishers Ltd.
Key
Hover over the blue highlighted
text to view the acronym meaning
Hover
over these icons for more information
Comments:
No Comments for this Article