U.K. Pensions Regulator updates cyber-risk guidance

U.K. pension trustees should be vigilant about cybersecurity and report significant events, The Pensions Regulator said in updated guidance released Dec. 11.

“Pension schemes are at risk of being targeted by cyber-attacks because of the large amounts of personal data and assets they hold,” TPR said in a release, adding that the guidance will help trustees and plan managers as well as suppliers and advisers.

The latest guidance calls on trustees and providers to report significant cyber incidents to help TPR build a better picture of the cyber-risks faced by the pension industry. Louise Davey, interim director of regulatory policy, analysis and advice for TPR, said in the release that the evolving nature of cyber-risk “requires a dynamic response. It’s a very real threat as we have seen from events this year.”

Trustees and providers do not need to fully investigate incidents before reporting to TPR, but reporting does not replace existing legal requirements to report data breaches to the Information Commissioner’s Office, TPR said. Trustees are legally required to report breaches that are likely to be of material significance, including from a cyber incident, if it impedes core transactions such as benefit payments.

Simon Kew, head of market engagement at independent consultancy Broadstone, welcomed TPR taking a proactive role, as cyberattacks increase. “Collaborating as an industry through actions like reporting on threats and attacks can help drive us towards a secure future that protects the pensions of members,” Kew said in an emailed statement.

 

 
