In its newsletter, DNB said that pension funds must evaluate security more often, stop information leaks more quickly and be more alert to outsourcing risks, in particular the use of cloud storage.
DNB checked an unspecified number of pension funds against 54 criteria.
The supervisor noted that, compared to 2010, pension funds had improved on safety in programming software, increased the risk-awareness of their staff and improved co-operation on cybersecurity expertise.
However, it emphasised that pension funds must increase their investments in the quality of IT risk management, the monitoring of outsourced tasks, the testing of adjustments and “patch management”.
IT risk management needed more frequent evaluation and maintenance, DNB said, to prevent falling behind on “continuously changing cyber-risks”.
DNB found that no more than 60% of software security patches were installed within two days of being issued, and that full cover was only reached in 60 days, which it deemed “too long”.
The regulator announced an additional survey into data security, which would include an assessment of how quickly a pension fund was able to return to business as usual following a hack.