|
UK audit firm Crowe Clark Whitehill surveyed 145 pension professionals on risk management issues and found a split in opinion as to the importance of cybersecurity.
Data protection and cybersecurity issues ranked in the top five risk concerns, behind funding volatility, employer covenant strength, and investment issues.
However, Crowe Clark Whitehill identified a “significant difference in views between small and large schemes”.
Small schemes – defined as having less than £100m (€110.5m) in assets – were more likely to outsource activities to third parties, the audit firm said, and so would expect these parties to be responsible for data security.
Respondents responsible for defined contribution funds were more concerned about the issue than their counterparts running defined benefit schemes, the survey showed.
Eddie Hodgart, risk and assurance director at Crowe Clark Whitehill, said: “There is an awareness within schemes that the personal data that they hold is a valuable commodity and that they need to act to ensure that their members’ information is protected.
“However, while most trustees are comfortable managing financial and regulatory risks, many feel out of their depth with non-traditional risks such as cybersecurity. More work is needed to educate pension trustees on managing non-traditional risks which impact pension schemes.”
The findings follow a major cyberattack that hit UK institutions including the National Health Service earlier this year. The incident raised concerns about firms’ awareness of data security.
The UK’s Department for Digital, Culture, Media and Sport (DCMS) announced that it would be adopting the EU’s General Data Protection Regulation (GDPR) into its law book.