Protecting your pension

Your pension (and pension data) is valuable. This means that, unfortunately, there are scammers and criminals who'd like to get their hands on it.

What’s the cyber risk to the Plan?

Institutions which manage large volumes of data and financial assets, particularly when they do so on behalf of others, must be especially attentive to the risk. The Plan is no different.

You may have heard of incidents over the past year that impacted other pension scheme operators. None of these incidents in the news impacted members of the Plan directly, but a cyber breach at a pension scheme, or one of its providers, can cause significant financial, operational and reputational consequences as well as challenges for the sponsoring employer.

What is the Trustee doing?

The Trustee has been working closely with its providers and specialist cyber governance and cyber security advisers to develop the resilience of the Plan in this space. The Trustee recognises that cyber risk develops quickly and involves sophisticated methods, and as such the Plan can never be considered ‘immunised’ from the risk. However, the Trustee’s risk management framework should give members comfort that the Plan is proactive in its approach.

As part of that framework, the Trustee:

  • Delegated monitoring of cyber risk to the Audit & Risk Management Committee (ARMC), which is made up of a sub-set of Trustee Directors, with Company and adviser presence at each meeting.
  • Receives regular training and topical cyber updates from its advisers.
  • Completed comprehensive data and asset mapping of the stakeholder processing relationships in the Plan, risk-assessed those processes and applied consistent security protocols to them.
  • Conducted third-party assessments of all its providers using recognised international standards and fed back any appropriate observations to the providers. These assessments have been embedded into a recurring programme.
  • Is developing a robust Incident Response Plan in tandem with the Company.
  • Implemented guidelines for Trustee Directors to manage their own online exposure when conducting Plan business.
  • Is finalising an over-arching Cyber Policy, a strategic document which outlines the Trustee’s approach to managing the risk.
  • Has undertaken regular penetration testing of the member website and followed up on any recommendations.

Keep watching for scams

From social media ploys to cold calls, emails, or texts, scammers will try every trick in the book to get your money. If you’re ever approached about your pension:

Stop and ask yourself if the offer passes the SCAM test.

  • Seems too good to be true?
  • Contacted out of the blue?
  • Asked for personal details?
  • Money is requested?

If some or all of these signs are evident, be careful. It could be a scam.


What can you do?

We would emphasise that it is equally important for you to remain vigilant about cyber security when carrying out online transactions relating to the Plan.
