Data breaches are a frequent occurrence for the pensions industry, says Sackers webinar
A new survey by Sacker & Partners (Sackers), a UK-based specialist law firm for pensions and pensions litigation, has revealed that data breaches are occurring frequently.
The survey showed that just over a third of those responding to the survey have suffered a breach in the last twelve months, with almost half of such breaches reported to the Information Commissioners Office.
Sackers Senior Counsel, Arshad Khan, says: “The pensions industry is firmly in the sights of the media and seemingly public interest too when it comes to data security. And the headlines can be emotive, giving many the impression that the industry is not on top of the situation. But the pensions industry is no different to any other industry, and breaches or cyber attacks do and will continue to happen to everyone, including schemes, such as those in our survey, and government bodies such as DWP, TPR and HMRC too.
“Headlines tend to be grabbed by breaches resulting from criminal activity, something that has become increasingly commonplace over the last year. But most breaches are down to errors, either human or systematic in origin. That is why TPR has identified that a scheme’s internal controls need to include measures to reduce cyber risk.
“The risk of prosecution and fines from the ICO is real and they don’t need to be headline grabbing seven figure fines to cause trustees concern. The key message is to ensure that you have good scheme governance and controls in place across all aspects of data management and cyber security, in order to minimise potential damage to members and the scheme’s reputation and finances should a breach happen. This is one critical responsibility that trustees cannot delegate away!”