Pension providers in the UK witnessed an alarming surge in data breaches, reporting a staggering 4000% increase in incidents to the Information Commissioner’s Office (ICO) in the year leading up to June 30, 2023, according to a report by RPC, a professional services firm.
This made the pension sector the hardest-hit within the financial services industry. In 2021/22, only six cyber-attacks leading to data breaches were reported, a number that rose dramatically to 246 in the subsequent year. The overall financial services sector also saw a significant rise of 242% in cyber-attacks leading to data breaches during the same period.
RPC highlighted that pension funds are prime targets for ransomware actors due to the vast amounts of sensitive financial and personal information they store. Additionally, the uninterrupted operation of pension systems is crucial for paying pensioners, making them vulnerable to disruption from cyber-attacks. Richard Breavington, RPC partner and head of cyber and tech insurance, emphasized that pension fund trustees must manage cyber-risk effectively to fulfill their legal duties.
Caleb Mills, professional services director at Doherty Associates, suggested that the increase in reports to the ICO could be interpreted positively, indicating that more financial services firms are proactively identifying and notifying the regulator of incidents.
However, he stressed the importance of a comprehensive cybersecurity approach that involves continuous monitoring and timely updates across the entire supply chain. The consequences of failing to maintain robust security measures extend beyond financial implications to include long-lasting reputational damage for businesses falling victim to data breaches in the financial services sector. Vigilance in cybersecurity has never been more critical.